| COBIT |
|
|
Board Briefing on IT Governance
|
Outline of governance and the roles required to execute successfully.
(http://www.itgi.org/template_ITGI.cfm?template=/ContentManagement/ContentDisplay.cfm&ContentID=15994)
|
|
CEO Guide to IT Value @ Risk
|
Glossy overview of the need for IT governance.
(http://www.itgi.org/Template.cfm?Section=Home&CONTENTID=18330&TEMPLATE=/ContentManagement/ContentDisplay.cfm)
|
|
COBIT version 4
|
Control OBjectives for Information and related Technologies. The defining document.
(http://www.isaca.org/Template.cfm?Section=COBIT6&Template=/TaggedPage/TaggedPageDisplay.cfm&TPLID=55&ContentID=7981)
|
|
COBIT Audit Guidelines
|
Guidelines on using COBIT.
(https://www.isaca.org/Template.cfm?Section=Home&Template=/MembersOnly.cfm&ContentID=22882)
|
|
COBIT Foundation Certification
|
Overview of the requirements for the COBIT Foundation Exam.
(http://www.isaca.org/Template.cfm?Section=Home&CONTENTID=19542&TEMPLATE=/ContentManagement/ContentDisplay.cfm)
|
|
COBIT Implementation Toolset
|
Guidelines on implementing COBIT.
(http://www.isaca.org/Template.cfm?Section=Home&Template=/MembersOnly.cfm&ContentID=22504)
|
|
COBIT QuickStart
|
A condensed version of COBIT for companies that find the full version too complex.
(http://www.isaca.org/Template.cfm?Section=Governance&template=/ECommerce/ProductDisplay.cfm&ProductID=501)
|
|
COBIT Security Baseline
|
Minimum recommended guidelines for IT Security.
(https://www.isaca.org/Template.cfm?Section=My_ISACA&CONTENTID=17078&TEMPLATE=/MembersOnly.cfm)
|
|
Information Systems Audit and Control Association (ISACA)
|
The organization that sponsors the IT Governance Institute and thus sponsors COBIT.
(http://www.isaca.org)
|
|
IT Governance Implementation Guide
|
Guidance on how to implement governance for IT.
(https://www.isaca.org/template.cfm?Template=/Ecommerce/ProductDisplay.cfm&ProductID=503)
|
|
IT Governance Institute (ITGI)
|
The organization responsible for COBIT.
(http://www.itgi.org)
|
|
|
Overview of COBIT by Avinash Kadam
|
Concise overview of COBIT by Avinash Kadam.
(http://www.networkmagazineindia.com/200405/securedview01.shtml)
|
Sandia Laboratories Report on COBIT
|
Excellent summation of COBIT prepared by Phillip L. Campbell at Sandia National Laboratories.
(http://www.itgi.org/Template.cfm?Section=Home&CONTENTID=22339&TEMPLATE=/ContentManagement/ContentDisplay.cfm)
|
| Certified Information Systems Auditor (CISA)
|
|
CISA overview
|
Information about the CISA examination.
(http://www.isaca.org/Template.cfm?Section=Exam_Information&Template=/ContentManagement/ContentDisplay.cfm&ContentID=20382)
|
| Alignment between Standards
|
|
Aligning COBIT, ITIL and ISO 17799 for Business Benefit
|
Recommendations on aligning COBIT for governance, ITIL for operational procedures and ISO 17799 for IT Security.
(http://www.isaca.org/Template.cfm?Section=Home&Template=/ContentManagement/ContentDisplay.cfm&ContentID=22490)
|
|
IT Control Objectives for Sarbanes Oxley
|
Guidelines for implementing SOX via COBIT.
(http://www.isaca.org/Content/ContentGroups/Research1/Deliverables/IT_Control_Objectives_for_Sarbanes-Oxley_7july04.pdf)
|
|
ITSMF Introduction to IT Governance
|
IT Service Management Foundation (ITSMF) white paper on governance.
(http://data.memberclicks.com/site/itsmf/itSMF_USA_AB_-_IT_Governance_v3_11.pdf)
|
| Best Practices
|
|
AICPA
|
American Institute of Certified Public Accountants. The body responsible for the Statement on Accounting Standards (SAS) documents.
(http://www.aicpa.org/index.htm)
|
|
CISWG Report of the Best Practices and Metrics Teams
|
Corporate Information Security Working Group (CISWG) report on measuring IT security.
(http://www.educause.edu/ir/library/pdf/CSD3661.pdf)
|
HP and the IT Infrastructure Library (ITIL)
|
HP White Paper on their alignment with ITIL.
(http://www.managementsoftware.hp.com/products/ovgen/twp/ovgen_twp_itil.pdf)
|
HP White Paper on Service Management
|
Older, but more extensive HP White Paper on their alignment with ITIL.
(http://archive.bita-center.com/bitalib/itil&itsm/HP_wp_v2-1.pdf)
|
|
Information Security Governance - A Call to Action
|
Publication from the Corporate Governance Task Force on the need for IT governance.
(http://www.cyberpartnership.org/InfoSecGov4_04.pdf)
|
ITIL Home Page
|
This is the official ITIL home page.
(http://www.itil.co.uk)
|
ITIL User Group (ITSMF)
|
This is the official user organization for ITIL. This site includes useful ITIL reference guides and a bookshop.
(http://www.itsmf.com)
|
|
NIST Security Metrics Guide for IT Systems
|
National Institute of Standards and Technology (NIST) guide to measuring IT security.
(http://csrc.nist.gov/publications/nistpubs/800-55/sp800-55.pdf)
|
|
PCAOBUS
|
Public Company Accounting Oversight Board (PCAOBUS). The body responsible for oversight of Sarbanes-Oxley (SOX).
(http://www.pcaobus.org/)
|
|
SAS 70 Guidelines
|
Guidelines for the SAS 70 Review of IT facilities in a financial environment.
(https://www.cpa2biz.com/CS2000/Products/CPA2BIZ/Publications/Service+Organizations+Applying+SAS+No+70+as+Amended+AICPA+Audit+Guide.htm?cs_catalog=CPA2Biz&pagetype=product&cs_category=audit%5Fand%5Faccounting%5Fguides)
|
|
SAS70.com
|
A reference site for the SAS 70 review process.
(http://www.sas70.com/)
|