Audit program announced by ISACA

ISACA has released a new audit program based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework.

The program, Cybersecurity: Based on the NIST Cybersecurity Framework, is aligned with the COBIT 5 framework, and provides an assessment of an organisation’s ability to identify, protect, detect, respond and recover from cybersecurity threats. It also provides professionals and their enterprises with direction on cyber governance.

According to a supplementary overview, the primary security and control issues addressed in the program are protection of sensitive data and intellectual property, protection of networks to which multiple information resources are connected, and responsibility and accountability for the device and information that it contains.

“This audit program based on the NIST framework offers detailed guidance that can provide enterprise leaders confidence in the effectiveness of their organisation’s cybersecurity governance, processes and controls,” said Christos Dimitriadis, chair of ISACA’s board of directors and group director of Information Security for INTRALOT.

In the Recover section, testing steps are provided to help organisations put in place recovery planning that ensures timely restoration of systems or assets affected by cybersecurity events.

The program is free to ISACA members and available for purchase to non-members for US$45 (approximately AU$60). It is among 14 audit/assurance programs offered by ISACA aligned with COBIT 5, the leading framework for the governance and management of enterprise IT.

ISACA audit programs have been developed and reviewed by audit/assurance professionals worldwide. They can be downloaded to allow customisation that fits varying work environments.

The NIST Cybersecurity Framework is used by a wide range of organisations. ISACA has previously issued guidance on how organisations can implement NIST.

Image credit: iStockphoto.com/Gawrav Sinha

Follow us on Twitter and Facebook