Review of Implementing the NIST Cybersecurity Framework Using COBIT 2019.

I normally don’t do book reviews, but this blog focuses on my personal review of one of ISACA’s latest publications that personally, I really like.

Recently, ISACA published Implementing the NIST Cybersecurity Framework using COBIT 2019. This guide illustrates how to use these two very powerful frameworks to ensure proper governance and management over Information and Technology (I&T) and to provide critical protection for information assets. Although COBIT 2019 and the NIST CSF 1.1 are separate frameworks, this helped me understand how to use more than one model in an overarching I&T governance program that focuses on what the most important factors are.

This video blog is not intended to teach you about each of these frameworks and the details about each implementation methodology. I recorded this to give you my impressions and evaluation of the guide. Before I begin, I need to be fully transparent with you here – I was one of the expert reviewers of this guide, so give me a little leeway to brag.

This implementation guide synchronizes many areas: 1) the CSF Implementation Steps, 2) the COBIT Implementation Steps and 3) the COBIT Design Steps. It takes you through the various steps of adopting a tailored I&T governance program with a strong focus on cybersecurity. Referring to the figure below (this is not from the book, but my version), this book takes three guides and puts them into a single adoption view.

I hope you learn something from this and of course, gain knowledge that you can take to work tomorrow.
