Page 42 - CISSO_Prep_ Guide
3- Applying a Single Integrated Framework
4- Enabling a Holistic Approach
5- Separating Governance from Management
COBIT is supported by several other documents and standards
that provide guidance to the team implementing a security
program. These include the Professional Guides: COBIT for
Implementation, COBIT for Information Security, COBIT for
Assurance, and COBIT for Risk.
NIST
The NIST Special Publications are a wealth of excellent
information for the Information Security Professional. NIST
(National Institute of Standards and Technology) provides the
standards and guidance documents for use in the U.S. Federal
Government through its website http://csrc.nist.gov. NIST
recommends that its standards be implemented by all types of
organizations. All of the NIST Special Publications can be
accessed at no cost.
Here are some examples of relevant NIST documents:
NIST SP800-53 Recommended Security Controls for Federal Information Systems
NIST SP800-53 outlines the recommended security controls for
information systems based on the security categorization of the
information and the information system. The classification of
the system is based on the impact level of a breach of
availability, integrity, and confidentiality (the CIA triad).
Depending on the security categorization of the information