The most valuable asset any entity possesses is information. Technology plays a key role in the management and protection of information from the time it is created up to the moment it is destroyed.
Using COBIT 5 ensures that implementation of the NIST framework will be driven by management and treated as an investment, supported by a business case, with transparent monitoring of the benefits (ROI). Ultimately, management must take ownership and engage with service providers and experts. COBIT 5 enables a dialogue between management and security experts based on easy-to-understand security management practices.
The key guiding principles of this approach are to:
Make sure stakeholders understand the context of cybersecurity – ‘de-mystify’
Understand the risks as well as the potential benefits of adopting good practices so there is management buy-in, support, and sustainable solutions
Consider cybersecurity as part of broader information security by taking a systematic approach, not a piecemeal ‘plugging of holes’
Initiate a continual improvement approach so that cybersecurity is regularly improved and addressed
Implement security improvements guided by the NIST Framework, matching the profile of the enterprise, that will minimise security incidents and also enable recovery from any incidents that might occur.