I need to ask you: which framework should we use to do an IT audit? I know that there are different methodologies like COBIT, ISO 27001 and NIST.
Answer: This answer will depend upon the purpose of your audit:
- If your purpose is to verify IT governance practices, you should use COBIT as main reference.
- If your purpose is to verify IT information security management practices, you should use ISO 27001 as main reference.
- If your purpose is to verify IT practices related to computer security, you should use NIST SP-800 series as main reference.
In case your audit covers a mix of these purposes, you should make a combination of these standards.
These articles will provide you further explanation about IT frameworks and audit:
- How to prepare for an ISO 27001 internal audit https://advisera.com/27001academy/blog/2016/07/11/how-to-prepare-for-an-iso-27001-internal-audit/
- How to integrate COSO, COBIT, and ISO 27001 frameworks https://advisera.com/27001academy/blog/2016/10/10/how-to-integrate-coso-cobit-and-iso-27001-frameworks/
- How to use the NIST SP800 series of standards for ISO 27001 implementation https://advisera.com/27001academy/blog/2016/05/02/how-to-use-the-nist-sp800-series-of-standards-for-iso-27001-implementation/
These materials will also help you regarding IT frameworks and audit:
- ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
May 24, 2017