Material Detail

The assessment of Enterprise Governance of IT (EGIT) frameworks and standards such as COBIT 5 and ISO 27001, when adopted simultaneously, implies an unreasonable effort because each framework and standard defines its own scope, definitions, and terminologies. Using these frameworks and standards independently prevents organizations from achieving the full benefits of EGIT since there are limitations on their application to specific Information Technology (IT) areas. Also, as these frameworks and standards overlap, at a time when organizations strive to be efficient and effective, it seems counterintuitive to be wasting resources by having different organizational departments handling both approaches independently. Thus, the primary goal of this paper is to facilitate the COBIT 5 and ISO 27001 simultaneous assessment. To reach this goal, an Enterprise Architecture (EA) metamodel representation of ISO 27001 and its mapping to COBIT 5 is proposed using ArchiMate as the EA modeling language. The ISO 27001 metamodel is also extended with ISO/IEC Technical Specification (TS) 33052 and ISO/IEC TS 33072 because these standards propose a Process Reference Model and a Process Assessment Model for Information Security management, which are essential models to assess ISO 27001 and COBIT 5 simultaneously. A field study was conducted in the Portuguese Navy regarding the COBIT 5 Manage Service Requests and Incidents process and its corresponding controls in ISO 27001 through the mapped ISO/ IEC TS 33052 processes.

This will delete the comment from the database. This operation is not reversible. Are you sure you want to do it?

Thank you for reporting a broken "Go to Material" link in MERLOT to help us maintain a collection of valuable learning materials.

If you feel this material is inappropriate for the MERLOT Collection, please click SEND REPORT, and the MERLOT Team will investigate. Thank you!

You are being taken to the material on another site. This will open a new window.

Do not show me this again