Comparison of ISO 27002, NIST and COBIT Case Study

• ITIL provides guidance for improving the management process to make an organization more efficient and effective. It aims to improve effectiveness and to affect financial profits by giving the organization comprehensive insight.

B4. Evaluate the weaknesses of each framework.

• ISO 27002 was established to explicitly cover IT security issues and not the entire range of IT functions.
• COBIT is designed to be a global IT governance program and does not provide a detailed security methodology. It is designed to adopt best practices and does not consider specificities with respect to information security.
• NIST publications are very narrow in scope, and an organization must combine multiple publications to cover all bases.
• ITIL is a guide to improve the management process and does not provide specifications for information security. The improvement process is based on ISO standards and directs users to ISO for ISMS-related issues. (ISACA, 2008)

B5. Discuss the certification and accreditation process for