ISO27001 vs. ITIL


Billy

May 10, 2007, 3:26:12 AM
to CCClub中国信息安全专业人士俱乐部
How big before ITIL matters?

So what? - I feel like railing a bit on folks that just don't like to
think. These big frameworks, whether it be COBIT or ISO 27001 or even
ITIL are in vogue because as opposed to thinking, folks just want the
answer. Sorry, there is no standard answer.

I'm sure that ITIL is really good for within a mid-sized company is
kind of interesting, but I just don't buy it. Let me be clear on
this.

A framework is a good starting point, but it's only a starting point.
Folks that buy a guide or attend training looking for a roadmap to
better operations and/or security are going to be disappointed. Why?
Because security isn't really in our control. There are millions of
external factors and we need everyone to buy into the program. No
cookbook can help you with that. Big companies are so complicated that
even a big, heavy framework would provide a simplified view of the
world, so I'm cool from that context. But it just seems that for a mid-
sized company, they'd be better off figuring out the 2 or 3 most
critical business systems and protecting those.

So....how about ABCDHIM...
More suggestions needed...
