NIST-COBIT-2019 Exam Dumps - ISACA Implementing the NIST Cybersecurity Framework using COBIT 2019

One of the objectives of CSF Step 6 is to translate improvement opportunities into justifiable, contributing projects, which means to develop an action plan that addresses the gaps between the current and target profiles, and that aligns with the organization’s mission drivers, risk appetite, and resource constraints12.

ReferencesGetting Started with the NIST Cybersecurity Framework: A Quick Start Guide, page 8.NIST CSF: The seven-step cybersecurity framework process

The CSF Implementation Tiers distinguish three fundamental dimensions of risk management to help enterprises evaluate their cybersecurity posture, which is the alignment of their cybersecurity activities and outcomes with their business objectives and risk appetite12. The Tiers range from Partial (Tier 1) to Adaptive (Tier 4) and describe the degree of rigor, integration, and collaboration of the organization’s cybersecurity risk management practices12.

References: 1: Cybersecurity Framework Components | NIST 2: Cybersecurity Framework FAQs Framework Components | NIST

The function of the CSF that is addressed by incorporating governance, risk, and compliance (GRC) elements into the implementation plan is Identify, which assists in developing an organizational understanding to managing cybersecurity risk to systems, people, assets, data, and capabilities. GRC elements help to define the governance program, the legal and regulatory requirements, the risk management strategy, and the supply chain risk management strategy of the organization12.

ReferencesThe Five Functions | NISTNIST Cybersecurity Framework 2.0: Understanding the "Govern" Function

The primary function of COBIT Implementation Phase 7 is to provide an opportunity for closing the loop for communication workflow, which means to ensure that the results and feedback of the implementation are reported and communicated to the relevant stakeholders, and that the lessons learned and best practices are captured and shared for future reference12.

References7 Phases in COBIT Implementation | COBIT Certification - SimplilearnCOBIT 2019 Design and Implementation COBIT Implementation, page 31.

According to the COBIT Performance Management Rating Scale, a subcategory maturity level of 95% corresponds to the rating of Fully Achieved, which means that the outcome is achieved above 85%12. This indicates that the enterprise has a high degree of capability and maturity in the subcategory, and that the practices and activities are performed consistently and effectively34.

References: 1: Performance Management of Processes - Testprep Training Tutorials 2: COBIT 2019 and COBIT 5 Comparison - ISACA 3: COBIT 2019 Performance Management: Principles and Processes 4: Effective Capability and Maturity Assessment Using COBIT 2019 - ISACA

Identifying quick wins for implementation first is the best approach to gain support for the process, as it can demonstrate the value and feasibility of the project, and motivate the stakeholders to overcome the resistance and embrace the change12. Quick wins are those actions that can be implemented rapidly and easily, and that can produce visible and measurable results3.

References7 Phases in COBIT Implementation | COBIT Certification - SimplilearnImplementing the NIST Cybersecurity Framework Using COBIT 2019, page 17.What is a Quick Win? - Definition from Techopedia

This is an objective of Implementation Phase 3: Where Do We Want to Be?, because it involves defining the desired state of the enterprise’s governance and management system, based on the stakeholder needs, drivers, and scope12. This objective also includes developing a business case that provides the rationale and justification for the improvement program, and a high-level program plan that outlines the scope, objectives, approach, and resources of the program3 .

References: 1: COBIT 2019 Implementation Guide 2: COBIT 2019 Implementation - ISACA 3: Business Case Development - ISACA : How to Write a Business Case for Cybersecurity Projects | Infosec

The organization’s asset register should primarily align to configuration management, because it is a process that maintains an accurate and complete inventory of the organization’s I&T assets and their relationships12. Configuration management supports the implementation of Step 2: Orient and Step 3: Create a Current Profile, because it helps to identify the systems, people, assets, data, and capabilities that are within the scope of the cybersecurity program, and to assess their current cybersecurity outcomes34.

References: 1: COBIT 2019 Framework – ITSM Docs - ITSM Documents & Templates 2: COBIT 2019 Design Guide: Designing an Information and Technology Governance Solution 3: Cybersecurity Framework Components | NIST 4: Implementing the NIST Cybersecurity Framework Using COBIT 2019 | ISACA

Analysis is one of the six categories within the Detect function of the NIST Cybersecurity Framework. The Analysis category aims to identify the occurrence of a cybersecurity event by performing data aggregation, correlation, and analysis12.

References: 1: The Five Functions | NIST 2: Cybersecurity Framework Components | NIST

A gap assessment is the most critical process tool to performing Implementation Phase 3, as it helps to identify the current and desired states of the selected processes, and the gaps and potential solutions to bridge them. A gap assessment also helps to create a detailed business case and a high-level program plan for the implementation12.

References7 Phases in COBIT Implementation | COBIT Certification - SimplilearnCOBIT 2019 Design and Implementation COBIT Implementation, page 31.

Anomalies and Events is one of the six categories within the Detect function of the NIST Cybersecurity Framework. The Anomalies and Events category aims to ensure that anomalous activity is detected in a timely manner and the potential impact of events is understood12.

References: 1: The Five Functions | NIST 2: Detect | NIST

According to the ISACA guide, monitoring performance against objectives is one of the tasks associated with realizing benefits, as it helps to measure the outcomes and value of the CSF implementation, and to identify and address any issues or gaps that may arise1. This task also involves reporting and communicating the results and feedback to the relevant stakeholders and ensuring continuous improvement2.

ReferencesConnecting COBIT 2019 to the NIST Cybersecurity Framework - ISACAManage Enterprise Cyberrisk by Applying the NIST CSF With COBIT … - ISACA