ISACA Issues NIST Cybersecurity Framework Audit
Global business technology and information security association ISACA has launched a new audit program based on the NIST Cybersecurity Framework, which provides enterprises key direction on cyber-governance.
“Cybersecurity: Based on the NIST Cybersecurity Framework,” aligned with the COBIT 5 framework, is designed to provide management with an assessment of the effectiveness of an organization’s plans to detect and identify cyber-threats, and protect against them. It also covers recovery processes and activities. Modules include asset management, awareness training, data security, resource planning, recovery planning and communications.
“This audit program based on the NIST framework offers detailed guidance that can provide enterprise leaders confidence in the effectiveness of their organization’s cybersecurity governance, processes and controls,” said Christos Dimitriadis, chair of the ISACA Board of Directors and group director of Information Security for INTRALOT.
The primary security and control issues addressed in the program are: protection of sensitive data and intellectual property; protection of networks to which multiple information resources are connected; and responsibility and accountability for the device and the information contained on it. In the recover section, testing steps are provided to help organizations put in place recovery planning that ensures timely restoration of systems or assets affected by cybersecurity events.
The program is among 14 audit/assurance programs offered by ISACA aligned with COBIT 5, the framework for the governance and management of enterprise IT. The COBIT framework is designed to allow managers to define the complex relationship that exists between security control requirements, technical issues, and business risks.
The NIST Cybersecurity Framework is used by a wide range of organizations. ISACA has previously issued guidance on how organizations can implement NIST, including aligning it with COBIT 5.
Source: Information Security Magazine