Governing Information Security in Conjunction With Cobit and ISO 27001
Source: Middle East Technical University
This paper first gives brief definitions of Information Security Management Systems (ISMS), ISO 27001, IT governance and COBIT. It then discusses the advantages and disadvantages of three approaches to governing information security in an enterprise: implementing COBIT alone, implementing ISO 27001 alone, and implementing COBIT and ISO 27001 together. An Information Security Management System (ISMS) is a set of processes whose main goal is to manage information security in an enterprise. An ISMS follows the Plan-Do-Check-Act (PDCA) model; the input to this model is the organization's information security requirements and expectations, and the expected output is information security that is managed in a controlled, repeatable way.