October 2006 - COBIT® Mapping: Mapping of ITIL With COBIT® 4.0
September 2006 - COBIT® Mapping: Mapping of TOGAF With COBIT® 4.0
August 2006 - COBIT® Mapping: Mapping of SEI’s CMM for Software With COBIT® 4.0
August 2006 - Security Audit and Control Features Oracle Applications: A Technical and Risk Management Reference Guide, 2nd Edition
July 2006 - COBIT® Mapping: Mapping of PMBOK With COBIT® 4.0
July 2006 - COBIT® Mapping: Mapping of PRINCE2 With COBIT® 4.0
June 2006 - Security Audit and Control Features PeopleSoft®: A Technical and Risk Management Reference Guide, 2nd Edition
May 2006 - COBIT® Mapping: Mapping of ISO/IEC 17799:2000 With COBIT, 2nd Edition
April 2006 - IT Control Objectives for Sarbanes-Oxley, 2nd Edition
April 2006 - Information Security Governance: Guidance for Boards of Directors and Executive Management, 2nd Edition
March 2006 - IT Governance Global Status Report 2006
March 2006 - COBIT Mapping Overview of International IT Guidance, 2nd Edition
March 2006 - Security, Audit and Control Features SAP® R/3®, 2nd Edition
March 2006 - Val IT
January 2006 - Critical Elements of Information Security Program Success
The Information Technology Infrastructure Library (ITIL), released by the
UK Office of Government Commerce, consists of 10 processes - more
commonly understood as service support (operational) and service delivery
(tactical) processes - that comprise one function, effective IT service
management. This mapping document contains a detailed mapping of ITIL
with COBIT 4.0. It will be posted as a complimentary download for ISACA
members in the fourth quarter of 2006 at www.isaca.org/downloads.
The Open Group Architecture Framework (TOGAF) is a detailed method
and set of supporting tools for developing enterprise architecture. It was
developed by members of The Open Group, working within the Architecture
Forum, and has been in existence since 1995. This mapping document
contains a detailed mapping of TOGAF 8.1 with COBIT 4.0. The structure
follows the domains, processes and control objectives of COBIT. It will be
posted as a complimentary download for ISACA members in late
September.
The Software Engineering Institute (SEI) Capability Maturity Model
(CMM) is a set of best practice descriptions for software development that
can be used to improve the IT organization’s performance. The impact of
SEI CMM performance is broadly leveraged across the COBIT domains.
Almost all of the SEI key practice areas (KPAs) are applicable to the COBIT
processes. This detailed mapping references the CMM key activities and
measurement sources of commonality for each COBIT detailed control
objective. The structure follows the domains, processes and control
objectives of COBIT, and the mapping shows the coverage by SEI CMM
KPAs within each SEI maturity level. This mapping will be posted as a
complimentary download for ISACA members in August 2006.
All COBIT mapping publications are or will be available for download at
www.isaca.org/deliverables, once they are completed.
This guide provides frameworks and methodologies for auditing and testing
in an Oracle environment using Release 11i. It is written with the business
manager in mind, as well as the IT and assurance professional, and has been
updated to address:
Of the three guides in the series of technical and risk management reference
guides, this is the last to be updated to its second edition. They collectively
cover enterprise resource planning (ERP) dealing with security, audit and
control features of ERP systems. Each guide concentrates on a different
software program, but each also contains common chapters on ERP risk
management and audit approach.
This publication is scheduled for release in the third quarter of 2006. The
second edition of the SAP®/R3®-based publication was published in March
2006 and is available in the ISACA Bookstore, www.isaca.org/bookstore.
A Guide to the Project Management Body of Knowledge (PMBOK© Guide)
is described as "the sum of knowledge within the profession of project
management." This detailed mapping consists of the information
requirements of PMBOK as mapped to COBIT control objectives. The
structure follows the domains, processes and control objectives of COBIT. It
will be posted as a complimentary download for ISACA members in August
2006.
Projects in Controlled Environments (PRINCE) is a structured method for
project management. The PRINCE method was first established in 1989 by
the UK Central Computer and Telecommunications Agency (CCTA), now
the UK Office of Government Commerce (OGC). The detailed mapping
consists of the information requirements of PRINCE2 as mapped to each
COBIT control objective. The structure follows the domains, processes and
control objectives of COBIT. It will be posted as a complimentary download
for ISACA members in August 2006.
This guide has been updated to cover the human resources and payroll components of PeopleSoft 8.8 and has been
written with business managers and IT and assurance professionals in mind. This second edition will be
available in early July from the ISACA Bookstore, www.isaca.org/bookstore.
Revisions to the second edition address:
This is part of a series of technical and risk management reference guides
collectively covering enterprise resource planning (ERP) and dealing
specifically with security, audit and control features of ERP systems. Each
guide concentrates on a different software program, but each also contains
common chapters on ERP risk management and audit approach.
The second edition of Security Audit and Control Features SAP®/R3®: A
Technical and Risk Management Reference Guide was published in March
2006. The second edition of Security Audit and Control Features Oracle®
Applications: A Technical and Risk Management Reference Guide is
scheduled for release in the third quarter of 2006.
This publication is being updated with references to COBIT® 4.0, which was published in
December 2005. It provides a good overview of Control Objectives for Information and
related Technology (COBIT) and ISO/IEC 17799:2000 and is a profound source of information
for all stakeholders responsible for, and interested in, IT governance, information security
management and their respective controls.
For this detailed mapping, ISO/IEC 17799 has been split into small pieces of information
(information requirements). Almost 1,000 information requirements have been mapped
to the hundreds of detailed COBIT control objectives. The detailed mapping document will
describe how these two standards are interrelated and how all detailed requirements of ISO/IEC
17799:2000 can be integrated with COBIT.
This publication will be available as a complimentary download from www.isaca.org/downloads
in late May.
A mapping of ISO 17799:2005 with COBIT 4.0 is in development and will be available in late 2006.
ITGI®, ISACA and the contributors of IT Control Objectives for Sarbanes-
Oxley have designed this publication primarily as a reference for executive
management and IT control professionals, including IT management and
assurance professionals, when evaluating an organization’s IT controls
required by the US Sarbanes-Oxley Act of 2002.
An exposure draft of the second edition will be available in the second
quarter for review and comment.
With increased networking and a growing realization of the value of
information assets, information security is recognized as one of the most
important issues to address for all IT users. This updated publication helps
explain information security in business terms and includes ideas and
techniques to help boards and executive management uncover security-related
problems. It is available in print and as a complimentary download.
The print edition may be purchased from the ISACA Bookstore,
www.isaca.org/bookstore. The complimentary download is available at
www.itgi.org.
As a follow-up to the 2003 groundbreaking study, IT Governance Institute (ITGI)
again commissioned PwC Belgium to survey global executives relative to perceptions
of IT governance worldwide. The sample surveyed is more than double the size of the 2003
study, allowing for more statistical validity and relevant cross-references. Many of the
questions from the 2003 survey were repeated to identify trends or changes in the marketplace
over the years. Many new questions were also added, to begin to illuminate new
perceptions or areas of concern in the minds of global C-suite and IT executives. It is an excellent
companion piece to the 2003 study.
Future plans include repeating the research on a regular basis so that trends can continue to be
identified and outlined and the IT governance professional space can be better understood.
A complimentary PDF download is available from the ITGI web site, www.itgi.org.
CIOs, CFOs, information security managers, auditors, and those involved in
corporate and IT governance need a framework to compare international
standards and guidance for managing the IT function. This second edition
offers a global overview of the following important international standards
and guidance for IT control and IT security in relationship to COBIT 4.0:
COSO, ITIL®, ISO/IEC 17799:2005, FIPS PUB 200, ISO/IEC TR 13335,
ISO/IEC 15408:2005, PRINCE2®, PMBOK©, TickIT, CMMI, TOGAF 8.1,
IT Baseline Protection Manual and NIST 800-14. It can serve as a road map
to implementing guidance supporting IT governance. For each of the
international standards/guidance examined, the document provides a
classification, a short overview of the contents, the business driver for
implementing the guidance and the risks of noncompliance.
This publication is posted for complimentary download at www.isaca.org/downloads.
Current best practices and future trends in ERP issues have been updated
from the first edition published in 2002. This practical, how-to, technical
and risk management reference guide enables auditors and risk professionals
(IT and non-IT) to evaluate risks and controls in existing ERP
implementations, and facilitates the design and building of better practice
controls into system upgrades and enhancements. The first to be updated,
this is one in a series of technical and risk management reference guides
focusing on the world’s three major ERP systems: SAP R/3 Audit,
PeopleSoft® and Oracle® Applications. The PeopleSoft update is expected
late in the second quarter of 2006 with the Oracle update following in the
third quarter.
This publication is available in the ISACA Bookstore (www.isaca.org/bookstore).
ITGI has released the first deliverables in the Val IT series, a set of
publications designed to shed light on realizing value from IT-enabled
investments. The first release of Val IT includes:
COBIT already provides a comprehensive framework for the management
and delivery of high-quality IT-based services. It sets best practices for the
means of contributing to the process of value creation. Val IT now adds best
practices for the end, thereby providing the means to unambiguously
measure, monitor and optimize the returns, both financial and nonfinancial,
from investment in IT.
There is a growing recognition that information security is not just an information technology problem, but a
business problem. This report reflects the experience and opinions of a diverse professional group regarding critical
elements of information security program success and provides potential solutions for priority and additional critical
elements of information security program success.
It is available as a complimentary PDF download at www.isaca.org/reseach.




