Using COBIT 5 and NIST Cybersecurity Framework in Assessing Cybersecurity Readiness

In this digital age, more and more information is pushed into cyberspace (that is, the online world) to perform various business tasks. As information and communication move into cyberspace, the risk of cyberattacks grows. These cyberattacks are deliberate exploitations of computer systems, resulting in compromised systems and data.

Cybersecurity incidents continue to increase in frequency and in their impact on organizations and individuals, in terms of service disruptions, financial loss, breach of personally identifiable information, and loss of stakeholder confidence. In just the last six months, cybersecurity incidents within Canada have included:

  • Outsiders hacked BC Transit IT systems
  • Anonymous hacked Canadian government websites
  • Hackers reprogrammed TransLink Compass tickets to gain free access at fare gates
  • Goldcorp Inc. private data leaked online

The ever-growing cyberthreat landscape (motives and methods) means organizations should make cybersecurity a priority. In fact, many governments around the world have passed laws and regulations to improve critical infrastructure cybersecurity and to defend against cyberattacks.


Cornell Dover

Assistant Auditor General, Office of the Auditor General