Country: Multi
Extends ISO 9001 quality management principles to information security management systems.
Guidance for internal auditors and management on the effective management, audit, measurement, and business case development for stringent control over changes to technology systems.
A survey of existing and proposed global regulations related to cryptography, including a map of import, export, and domestic controls and a crypto and self-incrimination FAQ.
This document provides a linkage between the Shared Assessments Standardized Information Gathering (SIG) Questionnaire and certain federal regulatory requirements and international standards. This linkage is presented in the form of a "map" that highlight ...
The Open Source Security Testing Methodology Manual (OSSTMM) is a peer-reviewed methodology for performing security tests and metrics. The OSSTMM test cases are divided into five channels (sections) which collectively test: information and data controls, ...
Guidance on the management and assessment of information security, IT general controls, assurance, and risk management. Covers discussions with executives and management and addressing concerns of C-level executives.
A detailed mapping of A Guide to the Project Management Body of Knowledge (PMBOK Guide) Third Edition (2004), from the Project Management Institute (PMI), with COBIT 4.0.
Guidance on the assessment and audit of application controls, relation of application controls to general controls, scoping of a risk-based control review, and execution of application control reviews. Developed for internal audit executives and auditors.
A high-level mapping between COBIT IT governance framework, ITIL service management guidance, and ISO 27002 information security standard to support an overall governance and control framework based on an IT process model.
As technology advances, so do schemes to commit fraud. Therefore, technology can not only be used to perpetrate fraud, but also to prevent and detect it. Using technology to implement real-time fraud prevention and detection programs will enable organizat ...
A detailed mapping of TOGAF 8.1 architectural framework, issued by The Open Group, with COBIT 4.0.
Provides an overview of techniques for effectively engaging with project teams and management to assess the risks related to IT projects. This Practice Guide covers: 1) Key project management risks; 2) Auditor involvement and independence; 3) Five key compo ...
Provides scoping and assessment ideas, approaches and guidance in support of the IT-related Committee of Sponsoring Organizations of the Treadway Commission (COSO) internal control objectives for financial reporting. Includes a COSO-to-COBIT mapping.
Using the IT-CMF, top executives and practitioners can adopt four inter-related strategies and associated maturity curves to help manage and deliver more value from IT. The IT-CMF is the result of the synthesis of leading academic research, industry best ...
A detailed mapping of the NIST SP800-53 (Rev 1) information security control standard with COBIT 4.1.
Val IT does not operate in a vacuum. Today, several other standards and collections of best practices are available that show how to manage specific facets of the IT projects and programs within enterprises. This publication provides a mapping to compare ...
An industry-neutral, generic framework, the GPG offers guidance for continuity program development, incident readiness and response, business impact analyses, business continuity planning, post-incident public relations, readiness assessment and audit, an
Establishes a general foundation for planning, implementing, assessing, and improving internal controls.
Guidance for auditors and management on preparing for disruptive natural or man-made events. Covers planning and assessment of continuity programs for critical IT infrastructure and business application systems.
A global overview of COBIT in relation to COSO, ITIL, ISO/IEC 17799:2005, FIPS Pub 200, ISO/IEC TR13335, ISO/IEC 15408, 2005, PRINCE2, PMBOK, TickIT, CMMI, TOGAF 8.1, IT Baseline Protection Manual, and NIST 800-14