COBIT & NIST
Benchmarking

Heighten your governance, risk & compliance framework with AKATI Sekurity’s benchmarking service.

AKATI Sekurity’s COBIT and NIST benchmarking service helps you reevaluate and reassess your security governance, risk assessment and compliance with regulatory requirements. Revamping your Governance, Risk and Compliance (GRC) framework to an internationally recognised one (COBIT and NIST) involves a clear strategy, an enabling structure, an effective architecture and comprehensive policies and standards.

GRC is an integrated, holistic approach to organization-wide governance, risk and compliance. It ensures that an organization acts ethically and in accordance with its risk appetite, internal policies and external regulations through the alignment of strategy, People, Process and Technology, thereby improving efficiency and effectiveness.

 

COBIT 5

  • Provides a systematic approach, common language and understanding for addressing today's most challenging aspects of meeting enterprise performance goals

  • Clarifies goals for more effective decision-making

  • Assists in addressing the needs of stakeholders across the enterprise

  • Helps realize the positive potential of technology

  • Instils confidence to enable innovation through technology

NIST

  • Improved collaboration between organizations, and easier sharing of new cybersecurity fixes and best practices

  • Easier regulatory compliance with various regulatory agencies

  • Improved use of security budgets

  • Avoidance of unnecessary or redundant cybersecurity measures

  • Built for future regulation and compliance requirements


The Benefits of Adopting These Two Frameworks Together:

  • Both Have Solid Implementation Guidance: Although each framework has a suggested implementation methodology, they are easily mapped to each other and would be best used together for cyber security adoption. The COBIT implementation method offers a step-by-step approach to adopting good governance practices, while the NIST Cybersecurity Framework implementation guidance focuses specifically on the cyber security-related practices.

  • The Frameworks Reference Each Other: Each of these frameworks notes where the other complements it. COBIT refers to the appropriate NIST publications at the process level, and NIST refers to COBIT practices as informative references. This allows for better mapping, reduced duplication, and a broader view of a cyber security program as a part of an overall GEIT (governance of enterprise IT) initiative.

  • They Both Provide A Holistic Approach: One of the COBIT principles is called “Applying a Holistic Approach,” and focuses on a set of enablers. Think about these enablers as the ingredients to a holistic GEIT program. The NIST Cybersecurity Framework, on the other hand, is what I consider a holistic approach to a solid cyber security program by providing a framework core consisting of five functions (Identify, Protect, Detect, Respond and Recover), and includes activities, desired outcomes, and applicable references.

 

 

Have an expert on your side 24x7x365!