Q&A

What is the difference between COBIT and ISO 27001?

Cairon Davison

What is the difference between COBIT and ISO 27001?

The key difference between ISO 27001 and COBIT is that the first one is solely for the purpose of information security, and the second one is for management and governance of information technology business processes. It helps an organization to map its own business goals to its IT goals.

How are COBIT NIST and ISO related to each other?

COBIT (published by ITGI) is a high-level framework (relative to ITIL, ISO 27002 and NIST) that maps core IT processes in a manner that allows governance bodies – usually business executives – to successfully execute key policies and procedures.

Is ISO 27000 a framework?

The ISO 27000 family of information security management standards is a series of mutually supporting information security standards that can be combined to provide a globally recognised framework for best-practice information security management.

What is the ISO 27k series of documents?

The ISO/IEC 27000-series (also known as the ‘ISMS Family of Standards’ or ‘ISO27K’ for short) comprises information security standards published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).

What is the difference between NIST and COBIT?

COBIT refers to the appropriate NIST publications at the process level, and NIST refers to COBIT practices as informative references. This allows for better mapping, reduced duplication, and a broader view of a cyber security program as a part of an overall GEIT initiative. They both provide a holistic approach.

What is the purpose of ISO IEC 27000?

ISO/IEC 27000:2018 provides the overview of information security management systems (ISMS). It also provides terms and definitions commonly used in the ISMS family of standards.

How does ISO 27000 define information system?

ISO/IEC 27000 “provides an overview of information security management systems” (and hence the ISO27k standards), and “defines related terms” (i.e. a glossary that formally and explicitly defines many of the specialist terms as they are used and should be interpreted within the ISO27k standards).

What is the ISO 27000 series of standards?

The ISO/IEC 27000-series (also known as the ‘ ISMS Family of Standards’ or ‘ISO27K’ for short) comprises information security standards published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).

What is the difference between ISO 27001 and ISO 27002?

The difference is that the ISO 27001 standard has an organizational focus and details requirements against which an organization’s Information Security Management System (ISMS) can be audited. ISO 27002 on the other hand is more focused on the individual and provides a code of practice for use by individuals within an organization.

What is ISO 2700?

The ISO/IEC 27000-series (also known as the ‘ ISO 27000 Family of Standards’) comprises mutually supporting information security standards that together provide a globally recognised framework for best-practice information security management.

What is COBIT framework?

COBIT (Control Objectives for Information and Related Technologies) is a good-practice framework created by international professional association ISACA for information technology (IT) management and IT governance.