모바일 오유 바로가기
http://m.todayhumor.co.kr
분류 게시판
베스트
  • 베스트오브베스트
  • 베스트
  • 오늘의베스트
  • 유머
  • 유머자료
  • 유머글
  • 이야기
  • 자유
  • 고민
  • 연애
  • 결혼생활
  • 좋은글
  • 자랑
  • 공포
  • 멘붕
  • 사이다
  • 군대
  • 밀리터리
  • 미스터리
  • 술한잔
  • 오늘있잖아요
  • 투표인증
  • 새해
  • 이슈
  • 시사
  • 시사아카이브
  • 사회면
  • 사건사고
  • 생활
  • 패션
  • 패션착샷
  • 아동패션착샷
  • 뷰티
  • 인테리어
  • DIY
  • 요리
  • 커피&차
  • 육아
  • 법률
  • 동물
  • 지식
  • 취업정보
  • 식물
  • 다이어트
  • 의료
  • 영어
  • 맛집
  • 추천사이트
  • 해외직구
  • 취미
  • 사진
  • 사진강좌
  • 카메라
  • 만화
  • 애니메이션
  • 포니
  • 자전거
  • 자동차
  • 여행
  • 바이크
  • 민물낚시
  • 바다낚시
  • 장난감
  • 그림판
  • 학술
  • 경제
  • 역사
  • 예술
  • 과학
  • 철학
  • 심리학
  • 방송연예
  • 연예
  • 음악
  • 음악찾기
  • 악기
  • 음향기기
  • 영화
  • 다큐멘터리
  • 국내드라마
  • 해외드라마
  • 예능
  • 팟케스트
  • 방송프로그램
  • 무한도전
  • 더지니어스
  • 개그콘서트
  • 런닝맨
  • 나가수
  • 디지털
  • 컴퓨터
  • 프로그래머
  • IT
  • 안티바이러스
  • 애플
  • 안드로이드
  • 스마트폰
  • 윈도우폰
  • 심비안
  • 스포츠
  • 스포츠
  • 축구
  • 야구
  • 농구
  • 바둑
  • 야구팀
  • 삼성
  • 두산
  • NC
  • 넥센
  • 한화
  • SK
  • 기아
  • 롯데
  • LG
  • KT
  • 메이저리그
  • 일본프로야구리그
  • 게임1
  • 플래시게임
  • 게임토론방
  • 엑스박스
  • 플레이스테이션
  • 닌텐도
  • 모바일게임
  • 게임2
  • 던전앤파이터
  • 마비노기
  • 마비노기영웅전
  • 하스스톤
  • 히어로즈오브더스톰
  • gta5
  • 디아블로
  • 디아블로2
  • 피파온라인2
  • 피파온라인3
  • 워크래프트
  • 월드오브워크래프트
  • 밀리언아서
  • 월드오브탱크
  • 블레이드앤소울
  • 검은사막
  • 스타크래프트
  • 스타크래프트2
  • 베틀필드3
  • 마인크래프트
  • 데이즈
  • 문명
  • 서든어택
  • 테라
  • 아이온
  • 심시티5
  • 프리스타일풋볼
  • 스페셜포스
  • 사이퍼즈
  • 도타2
  • 메이플스토리1
  • 메이플스토리2
  • 오버워치
  • 오버워치그룹모집
  • 포켓몬고
  • 파이널판타지14
  • 배틀그라운드
  • 기타
  • 종교
  • 단어장
  • 자료창고
  • 운영
  • 공지사항
  • 오유운영
  • 게시판신청
  • 보류
  • 임시게시판
  • 메르스
  • 세월호
  • 원전사고
  • 2016리오올림픽
  • 2018평창올림픽
  • 게시판찾기
  • 게시물ID : antivirus_1304
    작성자 : 똥고집 (가입일자:2014-04-27 방문횟수:1304)
    추천 : 0
    조회수 : 2940
    IP : 158.57.***.68
    댓글 : 0개
    등록시간 : 2015/11/11 00:46:10
    http://todayhumor.com/?antivirus_1304 모바일
    Comparison of COBIT, ITIL, ISO and NIST
    옵션
    • 펌글

    헷갈릴 수 있는 부분을 잘 정리한 글이네요.

    일반적으로 COBIT은 business관점 중심, NIST는 미국 내 정부,기간 사업 중심, ISO27001은 Control of practice, ISO27002는 Practice of IS, ITIL은 Best Practice from UK but not limited to.

    어떤 관점에서 Information Security in planing and practice를 접근, 적용해야할까 또는 audit해야할때, 한번 읽어보고 standard나 policy를 검토할 때 도움이 되지 않을까 싶습니다.



    A Comparison of COBIT, ITIL, ISO 27002 and NIST

    This post discusses four standards related to implementing a risk management framework. While alike in some areas, they generally target different industries and may be applicable only within certain geographic boundaries.

    The standards discussed here are:

    • COBIT (Control Objective over Information and related Technology)
    • ITIL (Information Technology Infrastructure Library)
    • ISO 27002
    • NIST (NIST Special Publication 800-37 Revision 1)

    Purpose


    • COBIT (published by ITGI) is a high-level framework (relative to ITIL, ISO 27002 and NIST) that maps core IT processes in a manner that allows governance bodies - usually business executives - to successfully execute key policies and procedures. Similar to ISO 27002, it answers the ‘what’ that is being managed, as opposed to the ‘how’ answered by ITIL. However, whereas ITIL and ISO 27002 are focused only on information security, COBIT allows for a much broader scope, taking into account all of IT management processes.
    • ITIL is a set of best practices an organization may implement in order to align IT resources and offerings to business goals. It is offered in a series of five core publications each corresponding to a stage in the lifecycle of IT. This process produces documentation of processes, tasks and checklists not specific to the organization with a goal of being able to create a baseline from which to implement controls and measure success.
    • ISO 27002 provides best practice recommendations for an ISMS (Information Security Management System) standard implemented most often by using ISO 27001. Both were produced by the ISO (International Organization for Standard). While 27001 formulates a management system that to control information security, it does not provide specific or industry-related controls – that is left up to ISO 27002.
    • NIST Special Publication 800-53 is a requisite for federal bodies in the U.S. for security control compliance, with the exception of those associated with national security. It is published by the National Institute of Standards and Technology, and is related to FISMA (2002).

    Common Uses


    • COBIT is usually employed by business executives to successfully execute key policies and procedures. dditionally, it is often used to tie together controls, technical issues and risks within an organization.
    •  ITIL was originally designed for use within the U.K. government and is most applicable within that realm. However, it is now an globally accepted standard and is in-use by many companies outside the geographical area of origin.
    • ISO 27002 is commonly used by or in accord with an IT department specific to the organization. The IT department is the focus of the resulting management system controls.
    • NIST covers all steps in the Risk Management Framework that addresses the selection of security controls according to FIPS (Federal Information Processing Standard) 200. It is used by U.S. federal organizations to meet ISMS requirements.


    Strengths


    • COBIT is managed by ISACA (Information Systems Audit and Control Association) and keeps the standard up-to-date and on-par with current technology. It is a globally accepted standard and encompassed far more than just the information security scope that other standards are limited to. Accordingly, it is also easier to partially implement COBIT without requiring a full-spectrum analysis and commitment by the organization.
    • ITIL is created and managed by the U.K. government, and is a natural fit for companies in that area of the world. However, the ITIL standard is used worldwide and may be considered for any company regardless of geographical location. ITIL excels at increasing visibility into and management of internal process to positively impact efficiency and economy.
    • ISO 27002 is associated with a very respected and widely known standard (ISO 27001), and will be recognized and understood by those familiar with the ISO/IEC standards. This standard allows system managers to identify and mitigate gaps and overlaps in coverage.
    • The level of detail afforded by implementing a framework based on NIST is considerable, and an organization not wishing to spend time on customizing a framework for their specific industry or nature may wish to use NIST assuming that the level of detail is complimentary to its goals.


    Weaknesses


    • While being widely scoped is can be viewed as a strength for COBIT, it can also be a detractor during implementation. Being by design not limited to a single area, it can often lead to gaps in coverage.
    • While focused on information security only, ITIL is considered to be a higher-level standard than ISO 27002, and points to ISO standards for detailed implementation. Specific implementation details are rather lacking.
    • ISO 27002 is focused specifically and purposefully on information security and is therefore limited in scope compared to other standards such as COBIT.
    • Similar to ISO 27002, NIST is limited in scope to information security, whereas COBIT and ITIL are more general in nature. Multiple publications must be processed and implemented in order to achieve compliance, which can lead to coverage gaps.

    Certification and Accreditation


    • ISACA, the author of COBIT, offers 4 levels of certification for individuals:
    1. Certified Information Systems Auditor Learn more about CISA (CISA)
    2. Certified Information Security Manager Learn more about CISM (CISM)
    3. Certified in the Governance of Enterprise IT (CGEIT)
    4. Certified in Risk and Information Systems Control (CRISC)
    • ITIL offers 4 levels of certification at the individual level (There are no organizational-level certifications at this time):
    1. Foundation
    2. Intermediate
    3. Expert
    4. Master
    • ISO 27002 can be applied to all sizes of organizations, and as a result is difficult to attach a compliance specification to. However, the associated standard ISO 27001 is very well aligned with ISO 27002 and does provide a certification path for organizations. Certification remains relatively rare, however.
    • Federal bodies do not obtain an NIST certification, but rather are certified by obtaining and maintain proof of adherence to a number of other federal regulations related to FISMA. A key part of the process is the selection and implementation of a subset of the controls as put forth by the NIST standard and FIPS 200. Compliance was required by the end of 2005.

    When to Use


    • COBIT is a good candidate when an organization wishes to create an organization-wide framework for management that is scoped outside of information security only. While not providing direct accreditation, certification can be achieved through closely aligned paths.
    • ITIL points to ISO standards as a framework in which to implement a solution. This applies well for organizations wishing to use ISO standards with global recognition without necessarily achieving an ISO 27001 certification.
    • The associated certification for ISO 27002 (ISO 27001) provides a worldwide recognition and acceptance, and therefore organizations wishing to operation across international boundaries may find implementation and certification advantageous. Additionally, some ISO 27001 certified companies require partners to become certified as well.
    • U.S. government organizations are required to use NIST in order to comply with federal law. Additionally, non-federal organizations may also use the NIST standard, but other standards such as ISO 27002 or ITIL may be better suited as NIOST can be difficult to implement for some organizations.


    출처 http://agnosticationater.blogspot.com/2013/12/a-comparison-of-cobit-itil-iso-27002.html

    이 게시물을 추천한 분들의 목록입니다.
    푸르딩딩:추천수 3이상 댓글은 배경색이 바뀝니다.
    (단,비공감수가 추천수의 1/3 초과시 해당없음)

    죄송합니다. 댓글 작성은 회원만 가능합니다.

    번호 제 목 이름 날짜 조회 추천
    1332
    항의] 베오베 복귀해주세요. 오유워보이 18/01/15 04:28 1338 0
    1331
    백신 하나 추천받으러 왔다가 본인삭제금지 모래날개 17/12/04 11:26 1535 1
    1329
    Kaspersky anti-virus 창작글 똥고집 17/10/06 06:43 1669 0
    1328
    요즘 다들 베오베 가는데 우리 게시판은 창작글 똥고집 17/09/15 21:51 1519 1
    1327
    안녕하세요 많은분들이 여쭤보시는 광고창[애드웨어]에 대해 알려드립니다. LovelyFish 17/04/25 22:55 3198 1
    1325
    어베스트 바이러스 검사가 안됩니다 사고쳤어요 17/01/26 14:58 1969 0
    1323
    그 이름 하야 봉이김리신 16/11/08 02:33 2052 0
    1322
    자동으로 인터넷창이 뜹니다 ㅠ [2] 본인삭제금지 SuddenJet 16/09/19 14:24 2295 0
    1321
    오유에서 뒤로 가기 누르면 [1] 본인삭제금지 잠행도적 16/08/19 17:26 2263 0
    1320
    본격 로스트사가 계정 해킹당한거 (이놈뭐냐) 냐냐냠냠 16/08/16 23:51 2230 0
    1319
    이거 왜이런거죠?? 바이러스 맞나요? 베스트금지본인삭제금지 경군이 16/08/02 10:44 2927 0
    1318
    (질문)바이러스 방지 프로그램 어떤 거 사용하시나요 [3] 본인삭제금지 tokkida 16/06/28 16:58 2478 0
    1317
    바이로봇이라는 백신은 안전모드에서 사용이 불가능한가요?(본삭금) 본인삭제금지 거유거유로리! 16/06/26 09:20 2365 0
    1314
    avg백신 질문드립니다.(본삭금) [2] 본인삭제금지 거유거유로리! 16/04/16 13:32 2479 0
    1312
    컴퓨터가 느려져서 한번 밀어야겠다? Looker 16/03/04 08:06 2509 0
    1311
    컴맹이 v9 지우는법 여쭤봅니다... [1] 본인삭제금지 깊은밤굿모닝 16/02/03 11:10 2749 1
    1310
    게시판 발굴 뷰게남징어 16/01/29 23:05 2518 0
    1308
    방패 1등 sodoge 16/01/02 19:39 2673 0
    1306
    스마트폰이 바이러스 걸린듯 [3] 본인삭제금지외부펌금지 흡성대법 15/11/15 14:41 3474 0
    1305
    Internet 연결 TV 보안 문제 똥고집 15/11/13 05:34 2858 0
    Comparison of COBIT, ITIL, ISO and NIST 펌글 똥고집 15/11/11 00:46 2941 0
    1303
    Botnet에 대한 최근 글 펌글 똥고집 15/11/06 22:12 2811 0
    1302
    2015 Data Breach Investigations Report 창작글 똥고집 15/11/04 04:13 2910 0
    1301
    www.support.me이거 뭔가요? [1] 본인삭제금지 깊은밤굿모닝 15/10/16 11:14 2926 0
    1300
    이런 게시판이 있었는지도 몰랐네요... 바위777 15/10/10 07:03 3006 1
    1298
    이곳은 안티바이러스니까 [1] 창작글본인삭제금지 고객서비스 15/09/06 02:57 3101 0
    1297
    솔직히 말해서 알약은 백신이 아니라 애드웨어같다 자취생오유인 15/09/03 18:17 3339 0
    1295
    모르는 사람으로부터 온 텔레그램 메시지 열어도 될까요? [2] aoaaoaaoa 15/07/25 00:01 4158 0
    1293
    쉴드 봉구스밤버거 15/07/07 23:53 3166 0
    1292
    오랜만이야 목욕통 15/07/06 20:01 3145 0
    [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [다음10개▶]
    단축키 운영진에게 바란다(삭제요청/제안) 운영게 게시판신청 자료창고 보류 개인정보취급방침 청소년보호정책