Abstract
Today, organisations rely on IT systems which are constantly expected to improve
return on investment without an increase in costs. These expectations have resulted in
greater importance of the use and management of IT resources. In light of this
increased importance of IT management, organisations turned towards frameworks,
such as COBIT and ITIL, to better manage their IT resources. Although both
frameworks have gained remarkable popularity, there is a lack of detailed information
regarding their interrelation within an organisation.
This creates a problem where an organisation that has implemented ITIL is unable to
determine the level of COBIT compliance. Without being able to determine the level of
compliance, it is not possible to ensure that the business requirements for information
are being met, which prevents an organisation from ensuring that its business
objectives are achieved.
The goal of this dissertation is to establish, from a security perspective, a Model that
links COBIT and ITIL together on a detailed level to show their interrelation within an
organisation and to provide a means of determining COBIT compliance through the use
of the ITIL framework. This will effectively bridge the gap between IT Governance and
IT Service Management.
Before being able to develop such a Model, it was necessary to first link the COBIT and
ITIL frameworks to show that such a Model can be developed. It was possible to
establish such a link between COBIT and ITIL as both frameworks are based on a
similar process.
This is followed by determining the overlap between the security components of COBIT
and ITIL. The results indicate that ITIL is insufficient to address all the security aspects
of COBIT and additional control measures were required. These control measures were
found in an external framework and integrated into ITIL to complete the overlap. The
completed overlap allowed for full COBIT compliance through the use of ITIL with
the additional control measures.
The complete overlap between COBIT and ITIL allowed for the development of a
framework that showed the interrelation between the security aspects of COBIT and
ITIL within an organisation. This framework was then used as a foundation to develop a
process of determining COBIT compliance using ITIL. This process of determining
COBIT compliance was validated through the development of a software prototype.
The framework and the process of determining COBIT compliance constitute the
required Model which can be used to solve the identified problem. This dissertation also
provides a strong platform for further research involving the areas of IT Governance and
IT Service Management. It provides research topics into linking other parts of COBIT
and ITIL that are not security related. The process of determining COBIT compliance
can also be extended to function with other operational frameworks. This dissertation
has also discovered an interesting relationship that exists within the COBIT frameworks.
Prof. Labuschagne