Welcome to the SecAware blog

I spy with my beady eye ...

9 May 2007

COBIT 4.1 released! [UPDATED]

Despite a press release, the latest v4.1 of COBIT is not yet available from the IT Governance Institute website but is expected imminently. Meanwhile, the ITGI has various other interesting docs available, including a new version of their paper on IT control objectives for SOX.

I note that COBIT is described in the press release as an 'international unifying framework that integrates all of the main global information technology standards, including ITIL, CMMI and ISO17799', which sounds strangely similar to what ISM3 claims to be.

Another ITGI document relates COBIT to an extraordinarily comprehensive set of information security, project and risk management standards, viz: COSO, ITIL, ISO/IEC 17799:2005, FIPS PUB 200, ISO/IEC TR 13335, ISO/IEC 15408:2005/Common Criteria/ITSEC PRINCE2, PMBOK, TickIT, CMMI, TOGAF, IT Baseline Protection Manual and NIST 800-14.

[UPDATE: May 20th: COBIT v4.1 has now been released. I'll probably add another blog entry if/when I find time to review it.