As information technology (IT) matured during the late twentieth century, the IT department within each organization typically developed its own methods for managing operations. Eventually, frameworks and standards emerged to provide guidelines for the management and evaluation of IT processes. In this chapter we will look at some of today’s most prominent frameworks and standards related to the use of technology. Our discussion will cover the following:
• Introduction to internal IT controls, frameworks, and standards
• Committee of Sponsoring Organizations (COSO)
• Control Objectives for Information and Related Technology (COBIT)
• IT Infrastructure Library (ITIL)
• ISO 27001
• National Security Agency (NSA) ...