COBIT, COSO and ITIL: CISSP Domain – Security and Risk Management

COBIT (Control Objectives for Information and Related Technology) and COSO (Committee of Sponsoring Organizations) are all about security goals for organizations. They are about “what” should be done.

ITIL (Information Technology Infrastructure Library) is all about “how” to implement those goals.

The Difference Between COBIT and ITIL

COBIT is WHAT should be done, vs. ITIL, which is HOW it should be done.

My Video

Being completely honest, this was one of my least favorite topics to digest during my studies. As someone who has spent most of his life just “doing stuff” versus following frameworks like COBIT, COSO and ITIL, it’s hard for me to wrap my head around these types of formal methodologies. Alas, much of the practice of cyber security is just that: formal systems and processes. Although I studied these frameworks much more after I made this video, I think this extremely basic distillation of what each is at its core, adapted from the awesome Kelly Handerhan, may be helpful to some.