Most organizations employ multiple frameworks and standards for implementing and controlling technology. Here are some publications that map COBIT to other sources of guidance. While this is slightly out of date in terms of TOGAF it is still an interesting read to see how these frameworks relate.

COBIT Mapping Overview of International IT Guidance 2nd Edition

This document can be used to align guidance supporting IT governance, especially regarding IT control and IT security guidance in relationship to COBIT. It lists over a dozen international standards/guidance, and for each one provides a classification, a short overview of the contents and the business driver for implementing the guidance, and the risks of noncompliance. Included are:

  • COSO
  • ITIL
  • ISO/IEC 17799:2005
  • FIPS Pub 200
  • ISO/IEC TR13335
  • ISO/IEC 15408 2005/Common Criteria/ITSEC
  • TickIT
  • CMMI
  • TOGAF 8.1
  • IT Baseline Protection Manual
  • NIST 800-14.

Aligning COBIT 4.1, ITIL V3 and ISO/IEC 27002 for Business Benefit

IT best practices should be aligned to business requirements and processes. Organizations often use multiple frameworks to inform how to achieve this. This management briefing is the result of a joint study initiated by the UK’s Office of Government Commerce and the IT Governance Institute. It was first published in November 2005, and was updated in August 2008 to reflect the latest versions of three sets of guidance:

  • ITIL V3-Published by the UK government to provide a best practice framework for IT service management
  • COBIT 4.1-Published by ITGI and positioned as a high-level governance and control framework over IT processes
  • ISO/IEC 27002:2005-Published by the International Organization for Standardization (ISO) and International Electro technical Commission (IEC) a to provide a framework of a standard for information security management

The appendices provide mappings:

  • COBIT to sections of ITIL and ISO/IEC 27002
  • ITIL key topics to COBIT
  • ISO/IEC 27002 classifications to COBIT