Frameworks & Standards

The growing dependency on technology makes IT crucial to the success of all organizations. Opsec Media Networks has the expertise to create and implement an IT strategy for your business that is based on industry recognized frameworks. Our approach will ensure that IT service delivery is driven by business needs and user requirements, and that your inhouse technology addresses all angles associated with your corporate vision.

Opsec Media Networks will help you create alignment between business goals and the people, process, and technology that contribute to achieve those goals. This will likely include a combination of frameworks and methodologies that together maximize investments and reduce risk. The most widely accepted frameworks are:


Control Objectives for Information and related Technology (CobiT) is a framework for control and security developed by the Information Systems Audit and Control Association (ISACA). This framework began as a compilation of best practices for managers and auditors to follow as they determine what security and control levels are needed to protect company assets as part of an IT Governance model. In its latest form, CobiT 5, has been expanded to integrate other frameworks and standards so that it may cover a broader scope within the governance of enterprise IT.


Information Technology Infrastructure Library (ITIL) started off in as a collection of books that together addressed specific practices within IT. ITIL has since evolved into ITIL v3, comprised of five publications including 26 processes and functions, which enable organizations to plan, implement, and measure IT service delivery against a baseline of internationally accepted standards. ITIL is currently the most widely adopted IT framework and has a focus on the delivery of “service” with a holistic and end-to-end model. CobiT and ITIL have been often deployed in tandem because of their complementary approaches where CobiT guides IT leaders on what to do while ITIL outlines how to do it.


The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) are both non-profit, international standard-setting organizations. ISO has released tens of thousands of standards since 1947 yet in the context of IT Governance, ISO has partnered with IEC to release the 17799:2000 and 27000 series. Their goal is for organizations of all sizes to assess risks and implement appropriate controls (as part of a broader information security management strategy) based on the recommendations and guidelines of the standard.