ABSTRACT

The terms "control framework" and "security standard" are often used interchangeably, depending on who created the document. The Control Objectives for Information and related Technology (COBIT) framework defines a control framework as a tool for business process owners that facilitates the discharge of their responsibilities through the provision of a supporting control model. This chapter presents some examples of the control frameworks and standards that address information security requirements. The COBIT framework examines the effectiveness, efficiency, confidentiality, integrity, availability, compliance, and reliability aspects of its high-level control objectives. The model defines four domains for governance, namely, planning and organization, acquisition and implementation, delivery and support, and monitoring. Each of the standards and control frameworks contributes in its own way, and the astute security professional will become familiar with each of them. COBIT provides an excellent overall governance framework that ties together business goals, governance drivers, business outcomes, and IT resources, processes, and goals.