IT Infrastructure Library (ITIL) and Control Objectives for Information and Related Technology (COBIT) are not primarily focused on security; however, both contain elements that touch on security issues. ITIL provides a foundation for managing IT infrastructure, with a primary focus on service support and service delivery. It also covers some aspects of information security management, although this material has not been updated for a number of years.
COBIT is an IT governance standard, and a mature one at that: version 4.0 was released this year, and version 4.1 is in the pipeline. COBIT focuses on controls that provide management with assurance that IT is operating in a controlled manner. With the introduction of Sarbanes-Oxley legislation in the U.S., elements of COBIT have been widely adopted to assist in providing assurance of the effectiveness of internal controls over financial reporting. Like ITIL, COBIT can be used to drive some information security improvements, though its primary focus lies elsewhere.
This checklist can be used to ensure that all non-standard operational events (incidents, errors and problems) are identified, recorded, analyzed and resolved through the use of a suitable problem management system. COBIT Delivery Standard 10, Manage Problems and Incidents, identifies objectives for managing problems and incidents. The specific objectives listed in this checklist can be mapped onto relevant IT Infrastructure Library (ITIL) activities. This checklist deals with incident management.