COBIT 5 & NIST Cybersecurity Framework



Upcoming Dates

Oct 17 - Oct 18, 2022
09:00 - 17:00

Nov 14 - Nov 15, 2022
09:00 - 17:00

Dec 12 - Dec 13, 2022
09:00 - 17:00

Jan 9 - Jan 10, 2023
09:00 - 17:00

Feb 6 - Feb 7, 2023
09:00 - 17:00

Mar 6 - Mar 7, 2023
09:00 - 17:00

2 days  (Instructor Led Online)  |  COBIT

Course Details

This 2-day Implementing NIST Cybersecurity Framework using COBIT® 5 course is based on the ISACA guide ‘Implementing NIST Cybersecurity Framework Using COBIT 5’, which provides guidance on implementing the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) through a seven-step process aligned with COBIT 5 principles. The purpose of this course and qualification is to provide and measure a candidate’s knowledge and understanding of the CSF, its goals, the implementation steps, and the ability to apply this information. Delegates will also prepare for and sit an 80-minute, multiple-choice foundation Information is a key resource for all enterprises, and technology plays a significant role.




This COBIT 5 Foundation course is designed as an introduction to COBIT 5 and enables you to understand how an integrated business framework for the governance and management of enterprise IT can be utilized to achieve IT business integration, cost reductions, and increased productivity. The syllabus areas that this course is designed to cover are:

  • How IT management issues are affecting organizations
  • The need for an effective framework to govern and manage enterprise IT
  • How COBIT meets the requirement for an IT governance framework
  • How COBIT is used with other standards and best practices
  • The functions that COBIT provides and the benefits of using COBIT
  • The COBIT framework and all the components of COBIT
  • How to apply COBIT in a practical situation
  • COBIT® 5 Cyber Security Introduction
  • Cybersecurity Challenges
  • Step 1: Prioritise and Scope
  • Steps 2 and 3: Orient and Create a Current Profile
  • Step 4 and Step 5: Conduct a Risk Assessment and Create a Target Profile
  • Step 6: Determine, Analyse, and Prioritise Gaps
  • Step 7: Implement the Action Plan
  • CSF Action Plan Review and CSF Life Cycle Management


Lesson 1: Course Overview and Introduction

  • COBIT 5 Overview
  • The Five Principles of COBIT 5
  • The Goals Cascade
  • The Seven Enterprise Enablers
  • COBIT 5 Process Reference Model
  • Process Capability Levels
  • Executive Order 13636
  • Three components of the Cybersecurity Framework (CSF)
  • CSF 7 Implementation Steps
  • Alignment with COBIT 5 Principles/Phases
  • Framework Implementation Flow

Lesson 2: Critical Security Framework Structure

  • The CSF Core
  • The Five Core Functions
  • CSF Tiers and Tier Categories
  • Four CSF Tiers
  • CSF Framework Profiles

Lesson 3: Phase One – What are the drivers?

  • Purpose of Phase One
  • Phase One Inputs and Outputs
  • Phase One Activities
  • Develop an Enterprise Architecture Vision
  • Determine Scope
  • Identify the Risk Architecture
  • Step One – Relationship to COBIT 5

Lesson 4: Phase Two – Where are we now?

  • Purpose of Phase Two
  • Phase Two Inputs and Outputs
  • Phase Two Activities
  • Tier Selection
  • Assets
  • Threats and Vulnerabilities
  • Current State Profile
  • Achievement of an Outcome
  • Process Capability Levels
  • Attribute Rating Scale

Lesson 5: Phase Three – Where do we want to be?

  • Purpose of Phase Three
  • Phase Three Inputs and Outputs
  • Phase Three Activities
  • Risk Assessment
  • Target State Profile
  • Goals for the Risk Assessment

Lesson 6: Phase Four – What needs to be done?

  • Purpose of Phase Four
  • Phase Four Inputs and Outputs
  • Phase Four Activities
  • Gap Assessment
  • The Action Plan/Considerations when Action Planning

Lesson 7: Phase Five – How do we get there?

  • Purpose of Phase Five
  • Phase Five Inputs and Outputs
  • Phase Five Activities
  • COBIT 5 Implementation Guide
  • Stakeholder Communication
  • Action Plan Delivery

Lesson 8: Phase Six – Did we get there?

  • Purpose of Phase Six
  • Phase Six Inputs and Outputs
  • Phase Six Activities

Lesson 9: Phase Seven – How to keep the momentum going

  • Purpose of Phase Seven
  • Phase Seven Inputs and Outputs
  • Phase Seven Activities

Target Audience

Although there is no mandatory requirement, ideally candidates should have at least two years of professional experience working in IT and an understanding of the COBIT 5 framework. The COBIT 5 NIST Cybersecurity Framework would suit candidates working in the following professions or areas:

  • Senior Project Officers
  • Project & Program Coordinator/Managers
  • IT Security Managers
  • Operations Managers
  • Business Analysts
  • Engineering Managers
  • IT Infrastructure Managers
  • Internal Consultants
  • Professional Consultants

The above list is a suggestion only; individuals may wish to attend based on their own career aspirations, personal goals, or objectives. Delegates may take as few or as many Intermediate qualifications as they require to suit their needs.


The recommended prerequisites for this course are:

  • Completed COBIT 5 Foundation Course (for obtaining the CSF Implementation Enhanced Qualification)
  • Basic Knowledge of COBIT 5
  • Basic knowledge of cybersecurity concepts