In recent years (as demonstrated in my previous article titled “ISO/IEC 27001 Process Mapping to COBIT 4.1 to Derive a Balanced Scorecard for IT Governance”),[i] the balanced scorecard (BSC)[ii],[iii],[iv] has been applied to enterprise IT, and the first real-life IT security governance application has been developed based on mapping the control objectives from the International Organization for Standardization (ISO)/International Electrotechnical Commission’s (IEC) ISO/IEC 27001:2013 standard to COBIT® 4.1 process and IT governance focus areas.[v] As a further exercise, the relationships and similarities between ISO/IEC 27001:2013, COBIT 4.1 and COBIT® 5 can be explored to provide data values, insights and results that will help in strategic management discussions.
What is driving the need for this mapping exercise?
· The need to integrate IT governance with overall business governance
· The need for effective deployment, governance and management of enterprise IT
· The exercise will help in establishing enterprise IT strategy through control objective linkages
· Key performance indicators (KPIs) can be derived for individuals or business units
This article explains how an exercise in instituting controls can be used to establish IT strategy, which is shown in the resultant enterprise and IT goals BSC values and outcomes applied in COBIT 5. In so doing, it showcases the IT/business governance and alignment processes as derived from mapping ISO/IEC 27001 and COBIT 4.1 controls and processes further to COBIT 5 governance and management processes...
Read this article in its entirety here. The author will also be available to answer questions.