Download ISACA Implementing the NIST Cybersecurity Framework using COBIT 2019.NIST-COBIT-2019.VCEplus.2025-03-04.28q.vcex

Analysis is one of the six categories within the Detect function of the NIST Cybersecurity Framework. The Analysis category aims to identify the occurrence of a cybersecurity event by performing data aggregation, correlation, and analysis12.

This CSF step corresponds to the COBIT objective of knowledge and understanding of enterprise goals, because it involves identifying the business drivers, mission, objectives, and risk appetite of the organization, as well as the scope and boundaries of the cybersecurity program12. This step helps to ensure that the cybersecurity activities and outcomes are aligned with the enterprise goals and strategy34.

The organization's asset register should primarily align to configuration management, because it is a process that maintains an accurate and complete inventory of the organization's I&T assets and their relationships12.Configuration management supports the implementation of Step 2: Orient and Step 3: Create a Current Profile, because it helps to identify the systems, people, assets, data, and capabilities that are within the scope of the cybersecurity program, and to assess their current cybersecurity outcomes34.

This CSF step involves documenting the existing category and subcategory outcome achievements, by using the implementation status to indicate the degree to which the cybersecurity outcomes defined by the CSF Subcategories are currently being achieved by the organization12. The Current Profile reflects the current cybersecurity posture of the organization, and helps to identify the gaps and opportunities for improvement3 .

This represents a best practice for completing CSF Step 3: Create a Current Profile, because it involves collaborating with relevant stakeholders to identify the current cybersecurity outcomes and implementation status of the organization12. Engaging in a dialogue and obtaining input can help to ensure that the Current Profile reflects the business drivers, mission, objectives, and risk appetite of the organization, as well as the scope and boundaries of the cybersecurity program34. 

Anomalies and Events is one of the six categories within the Detect function of the NIST Cybersecurity Framework. The Anomalies and Events category aims to ensure that anomalous activity is detected in a timely manner and the potential impact of events is understood12.

The Detection capability is the type of capability within the CSF Core structure that can help practitioners recognize potential or realized risk to enterprise assets. The Detection capability consists of six categories that enable timely discovery of cybersecurity events, such as Anomalies and Events, Security Continuous Monitoring, and Detection Processes12.

The COBIT implementation phase that directs the development of an action plan based on the outcomes described in the Target Profile is Phase 5 - How Do We Get There? This phase involves defining the detailed steps, resources, roles, and responsibilities for executing the implementation plan and achieving the desired outcomes12.Reference 7 Phases in COBIT Implementation | COBIT Certification - Simplilearn COBIT 2019 Design and Implementation COBIT Implementation, page 31.

One of the objectives of CSF Step 6 is to translate improvement opportunities into justifiable, contributing projects, which means to develop an action plan that addresses the gaps between the current and target profiles, and that aligns with the organization's mission drivers, risk appetite, and resource constraints12.Reference Getting Started with the NIST Cybersecurity Framework: A Quick Start Guide, page 8. NIST CSF: The seven-step cybersecurity framework process

One of the framework principles established by NIST is to ensure that the framework is consistent and aligned with existing regulatory and legal requirements that are relevant to cybersecurity12.

Executives are the role that will benefit most from a better understanding of the current cybersecurity posture by applying the CSF. This is because executives are responsible for setting the strategic direction, objectives, and priorities for the organization, as well as overseeing the allocation of resources and the management of risks1. By applying the CSF, executives can gain a comprehensive and consistent view of the cybersecurity risks and capabilities of the organization, and align them with the business goals and requirements2. The CSF can also help executives communicate and collaborate with other stakeholders, such as regulators, customers, suppliers, and partners, on cybersecurity issues3.