These big frameworks are in vogue because as opposed to thinking, folks just want the answer
Now THIS is a blog the IT Skeptic will be following with interest: Mike Rothman's Daily Incite
Most of the time when I talk to vendors... They pitch me on some undecipherable technical gobbledy-goop and want to show me their friggin' interface... They try to snow me with some sophomoric trick... the "you can't prove this either way trick," the "we've suspended the law[s] of physics trick," or some variation on the "name dropping Fortune 50 companies you had an intro meeting with trick." Believe me, I know them all. I've used them all. My bullshit detector is finely tuned.
But it gets better:
I feel like railing a bit on folks that just don't like to think. These big frameworks, whether it be COBIT or ISO 27001/2 or even ITIL are in vogue because as opposed to thinking, folks just want the answer. Sorry, there is no standard answer... A framework is a good starting point, but it's only a starting point. Folks that buy a guide or attend training looking for a roadmap to better operations and/or security are going to be disappointed... Big companies are so complicated that even a big, heavy framework would provide a simplified view of the world