The NIST Framework for Improving Critical Infrastructure Cybersecurity (CSF) has become a reference for executives and upper management in many critical infrastructure sectors, creating a lexicon to frame the discussion of risk management. However, even with this reference, many organisations struggle to close the gap among risk tolerance, business objectives and cybersecurity efforts.

This new course on Implementing NIST Cybersecurity Framework Using COBIT 5 course will equip managers with the skills to frame real-world, technical cybersecurity projects in risk management terms that executives can understand and use to make and justify business decisions. Based on a guidance developed by ISACA, the course is focused on the Cybersecurity Framework (CSF), its goals, the implementation steps and the ability to apply this information. The course and exam are for individuals who have a basic understanding of both COBIT 5 and security concepts, and who are involved in improving the cybersecurity program for their enterprises.

Background</>

In 2013, US President Obama issued Executive Order (EO) 13636, Improving Critical Infrastructure Cybersecurity, which called for the development of a voluntary risk-based cybersecurity framework that is “prioritized, flexible, repeatable, performance-based, and cost-effective.”

The Cybersecurity Framework (CSF) was developed through an international partnership of small and large organisations, including owners and operators of the nation’s critical infrastructure, with leadership by the National Institute of Standards and Technology (NIST). ISACA participated in the CSF’s development and helped embed key principles from the COBIT framework into the industry-led effort. As part of the knowledge, tools and guidance provided through its Cybersecurity Nexus (CSX)™ program, ISACA has developed a guide on Implementing NIST Cybersecurity Framework Using COBIT 5. This course is based on this guidance.