Information Security governance: COBIT or ISO 17799 or both?

Research output: Contribution to journal › Article › peer-review

108 Citations (Scopus)


This paper investigates the co-existence of and complementary use of COBIT and ISO 17799 as reference frameworks for Information Security governance. The investigation is based on a mapping between COBIT and ISO 17799 which became available in 2004, and provides a level of 'synchronization' between these two frameworks.

Original language: English
Pages (from-to): 99-104
Number of pages: 6
Journal: Computers and Security
Issue number: 2
Publication status: Published - Mar 2005


  • Corporate governance
  • ISO 17799
  • IT audit
  • Information Security
  • Information Security governance
  • Information Technology governance
  • Risk management

ASJC Scopus subject areas

  • General Computer Science
  • Law

