Cyber resiliency tool
We at Pricoris delivered a course on the NIST Cyber Security Framework and its integration with COBIT last week. Coming from a standards background, I was very comfortable integrating CSF with ISO 27001, but integration with COBIT, which includes the quality-related aspects of IT, seemed a bit too far-fetched in mapping some of the outcomes of CSF to the Process Reference Model of COBIT. However, COBIT did have two advantages:
1. COBIT’s focus on separation of Governance and management and
2. Process Assessment Model using ISO 15508 helping in measurement of outcomes.
NIST has already started working on these lacunas, as is clear from the recently released future Roadmap for NIST, which addresses both of them and states that NIST will work on Measuring Cybersecurity and on Governance and Enterprise Risk Management, two areas where COBIT was stronger than NIST. Other topics to be covered are Cyber-Attack Lifecycle; Internet of Things; Secure Software Development; and Small Business Awareness and Resources.
Additionally, Pricoris has started working on the Pricoris Cyber Security Resilience Tool, based on the NIST Cyber Security Framework, NIST SP 800-30, NIST RMF, the Baldrige Cyber Security Excellence Builder, ISO 27001 and the MITRE Cyber Resilience Design Principles, which will have the following benefits:
• Move your organization beyond the technical and controls-focused elements of the CSF and address the process and delivery side of cyber security, bridging what had been a major gap.
• A new, business-oriented language to use in communicating and working with partners and customers.
• An honest assessment of where you are and where you want to be; a baseline to measure against in the future.
• The gaps identified will result in action plans, funding opportunities, and deep alignment to the business.
• The work will be useful in InfoSec strategic planning, budget requests, and communicating to your key customers and key partners what you need from them and how your program works.
• A self-assessment document that will be revisited and updated as the program matures.
• A boost in clarity, empowerment, and morale for the implementation team.
Watch out for the Pricoris Cyber Security Resilience tool here
