Answer: The ISO 27001 standard describes how to manage information security in an organization, while COBIT provides implementable controls over information technology, organized into IT-related processes. ISO 27001 provides many security control objectives applicable to information technology (e.g., controls from section A.13.1 Network security management) that can be used to enhance the effectiveness of COBIT processes. Additionally, COBIT governance practices and ISO 27001 context understanding requirements can be used together to better align information security and information technology with business objectives.
This article will provide you with further explanation about COBIT and ISO 27001:
- How to integrate COSO, COBIT, and ISO 27001 frameworks