Digital Trust Ecosystem Framework a Valuable Complement to COBIT, Other Frameworks

Author: Mark Thomas, president of Escoute Consulting, Greg Witte, CISM, Security Engineer and Cybersecurity Instructor, and Rolf von Roessing, partner & CEO at Forfa Consulting
Date Published: 4 March 2024

ISACA’s Digital Trust Ecosystem Framework (DTEF) is new to the scene, but ISACA has long been a respected leader when it comes to developing impactful industry frameworks.

In fact, the COBIT framework is one of ISACA’s best-known resources globally. If you are reading this blog post, there is an excellent chance you know a passionate COBIT user or perhaps are one yourself. It is also likely you might be wondering about the relationship between COBIT and DTEF. They are highly complementary (by design) and each supports enterprise business needs. DTEF was expanded and adapted from the Business Model for Internet Security that ISACA released back in 2010. So, if I am using COBIT already, why do I need DTEF? Let’s try to address that question here.

DTEF was designed to be compatible with several existing frameworks and best practices, including COBIT, ITIL, GDPR, and numerous ISO and NIST standards. As noted in a previous blog post, “While COBIT remains the powerhouse framework for enterprise governance of information and technology, DTEF offers a broader perspective on digital trust. The two frameworks complement each other beautifully, allowing organizations to harness their combined strengths and conquer the digital frontier.”

Let’s go into more detail on both to better understand the potential connection points. DTEF helps define a high-level understanding of how the enterprise will implement, maintain and monitor digital trust among its stakeholders. It includes the tenons that form the connective tissue among the domains – things like human factors, culture, and communications. DTEF will enable users to understand what needs to be done (by themselves and by third-party partners and providers) to achieve and maintain trust for customers.

Take a challenge that many organizations are experiencing: how to implement AI. Rather than go right to the technical interpretation, DTEF will help organizations think through questions like: How can AI help us increase trust? How can AI help us better understand what our customers are looking for? How can we measure whether we are fulfilling those expectations? In a big-picture sense, DTEF goes right to the enterprise’s bottom line faster than anything you could devise from a technical standpoint because it frames modern business challenges in easy-to-understand, human terms that will resonate with a wide cross-section of customers, third parties and other key stakeholders.

COBIT, meanwhile, remains a valuable driver of business transformation as the leading framework for governance over information and technology. COBIT identifies and enables practitioners to implement the specific business processes needed to achieve stakeholder objectives, of which digital trust factors are a subset. Additionally, COBIT defines a broad target state for the enterprise with specific process systems, and actionable activities to achieve that state, including those processes that affect (or are affected by) the digital trust ecosystem. Best of all, it can be customized to meet the enterprise’s specific governance needs.

As longtime COBIT users are aware, COBIT was specifically designed to integrate effectively with other frameworks, industry standards and best practices. So, how can utilizing both DTEF and COBIT bring out the best from each framework? Considering the “ecosystem” nature of DTEF, it is important to note that this model, as mentioned above, is not a standalone framework and should be adopted alongside an enterprise’s existing governance system. To avoid framework overload and exhaustion, think about DTEF as middleware between multiple frameworks, viewed through a digital trust lens, where middleware strives to enable interactions between complex systems that typically don’t talk to each other. Therefore, it is paramount to consider each existing framework, as they all approach value creation from different perspectives and can co-exist in an enterprise digital trust ecosystem.

There is a high degree of difficulty in building and preserving trust given today’s climate of cyberthreats, privacy concerns and pervasive misinformation, making DTEF a tremendous resource for enterprises that want to do right by their customers – and gain a competitive advantage while doing so. Everything we do today around security, privacy, enterprise risk and governance is about fostering a digital trust relationship. That governance piece, with the ongoing proliferation of data and technology-driven business processes, is more challenging than ever. That means utilizing COBIT and DTEF together gives organizations an unmatched opportunity to be more secure, more resilient and more trustworthy than their competitors.
