Resources for Federal Information Security Management Act (FISMA)

ISO, ITIL and COBIT triple play fosters optimal security management execution

www.scmagazineus.com

In a survey of security professionals conducted for the recent research report Security Management Matures, ESG discovered that 72 percent of North American enterprise-class organizations (i.e., organizations with 1,000 or more employees) say they are implementing one or more formal IT best practice control and process models.
Among survey participants, 18 percent have simultaneously implemented ITIL, ISO and COBIT. Of those implementing just one set of standards, ITIL is the most frequently selected (16 percent) followed by ISO (11 percent). A significant 17 percent have not implemented any type of framework at this time. An additional 20 percent have implemented other best practices or did not know whether their organization used these types of frameworks.

Organizations making concurrent investments in ITIL, ISO and COBIT are often subject to significantly greater levels of external compliance pressure than are organizations choosing to focus on a single set of best practices. Over three-quarters (76 percent) of the organizations implementing all three sets of guidelines indicate that demands to comply with external regulations were very influential in defining their security management requirements during the past year. In contrast, only 44 percent of those implementing ITIL alone and 51 percent of those with no frameworks in place felt the same way.

View the Resource

Share or bookmarklet this web page at: