Isaca ISACA Implementing the NIST Cybersecurity Framework using COBIT 2019 NIST-COBIT-2019 Exam Dumps: Updated Questions & Answers (November 2025)

The objective of COBIT Implementation Phase 3 is to set an improvement target and identify gaps and potential solutions using COBIT’s guidance. This involves creating a detailed business case and a high-level program plan for the implementation.

ReferencesCOBIT 2019 Design and Implementation COBIT Implementation, page 31.7 Phases in COBIT Implementation | COBIT Certification - Simplilearn

This is an objective of COBIT Implementation Phase 3: Where Do We Want to Be?, because it involves defining the desired state of the enterprise’s governance and management system, based on the stakeholder needs, drivers, and scope12. This objective also includes using the COBIT Performance Management system to assess the current and target capability levels of the processes that support the governance and management objectives34.

References: 1: COBIT 2019 Implementation Guide 2: COBIT 2019 Implementation - ISACA 3: COBIT 2019 Performance Management: Principles and Processes 4: Effective Capability and Maturity Assessment Using COBIT 2019 - ISACA

Identifying external compliance requirements is most likely to occur during COBIT Implementation Phase 2: Where Are We Now?, because this phase involves assessing the current state of the enterprise’s governance and management system, as well as its strengths, weaknesses, opportunities, and threats12. This phase also includes identifying the relevant stakeholders, drivers, and scope of the implementation program . Therefore, this phase requires a thorough understanding of the external laws, regulations, and contractual obligations that apply to the enterprise and its I&T activities.

References: 1: COBIT 2019 Implementation Guide 2: COBIT 2019 Implementation - ISACA : Connecting COBIT 2019 to the NIST Cybersecurity Framework - ISACA : 7 Phases of COBIT Implementation: Explained - The Knowledge Academy : Compliance with External Requirements - Morland-Austin

The seven high-level CSF steps generally align to the high-level phases of the COBIT 2019 implementation guide, which are: What are the drivers?; Where are we now?; Where do we want to be?; What needs to be done?; How do we get there?; Did we get there?; and How do we keep the momentum going?12. These phases provide a structured approach for implementing a governance system using COBIT 2019, and can be mapped to the CSF steps of Prioritize and Scope, Orient, Create a Current Profile, Conduct a Risk Assessment, Create a Target Profile, Determine, Analyze and Prioritize Gaps, and Implement Action Plan34.

References: 1: COBIT 2019 Implementation Guide 2: COBIT 2019 Implementation - ISACA 3: Implementing the NIST Cybersecurity Framework Using COBIT 2019 | ISACA 4: REVIEW OF IMPLEMENTING THE NIST CYBERSECURITY FRAMEWORK USING COBIT 2019.

Anomalies and Events is one of the six categories within the Detect function of the NIST Cybersecurity Framework. The Anomalies and Events category aims to ensure that anomalous activity is detected in a timely manner and the potential impact of events is understood12.

References: 1: The Five Functions | NIST 2: Detect | NIST

The COBIT implementation phase that directs the development of an action plan based on the outcomes described in the Target Profile is Phase 5 - How Do We Get There? This phase involves defining the detailed steps, resources, roles, and responsibilities for executing the implementation plan and achieving the desired outcomes12.

References7 Phases in COBIT Implementation | COBIT Certification - SimplilearnCOBIT 2019 Design and Implementation COBIT Implementation, page 31.

A clear understanding of the likelihood and impact of cybersecurity events is critical for the success of CSF Step 6, as it helps to prioritize the gaps and actions based on the risk assessment and the cost-benefit analysis of the proposed solutions12.

References7 Steps to Implement & Improve Cybersecurity with NISTNIST CSF: The seven-step cybersecurity framework process

The activity of determining an appropriate target capability level for each process occurs within Implementation Phase 3, as it helps to set an improvement target and identify gaps and potential solutions using COBIT’s guidance. This involves creating a detailed business case and a high-level program plan for the implementation12.

ReferencesDefining Target Capability Levels in COBIT 2019: A Proposal for RefinementCOBIT 2019 Design and Implementation COBIT Implementation, page 31.

This COBIT task and activity corresponds to CSF Step 1: Prioritize and Scope, because it involves assessing the current state of the enterprise’s governance and management system, as well as its readiness and ability to adopt changes12. This task and activity is part of the COBIT 2019 implementation phase "Where are we now?"3, which aligns with the CSF step of identifying the business drivers, mission, objectives, and risk appetite of the organization4.

References: 1: COBIT 2019 Implementation Guide 2: COBIT 2019 Implementation - ISACA 3: Connecting COBIT 2019 to the NIST Cybersecurity Framework - ISACA 4: Cybersecurity Framework Components | NIST

One of the framework principles established by NIST is to ensure that the framework is consistent and aligned with existing regulatory and legal requirements that are relevant to cybersecurity12.

References: 1: Cybersecurity Framework | NIST 2: Framework Documents | NIST