COBIT 5 is a robust framework which could incorporate the different phases and cases of an organization's IT affairs. That said, COBIT offers its own processes to handle IT security in the organization through Risk optimization, Risk management and Manage security services.
The Risk optimization process is in the Governance layer - Evaluate, Direct and Monitor (EDM03). It offers different sub-processes as below:
a. Evaluate risk management.
b. Direct risk management.
c. Monitor risk management.
In the Management phase - Align, Plan and Organize (APO12) - COBIT suggests the Risk management process. The practices in this process include:
a. Collect Data.
b. Analyze risk.
c. Maintain a risk profile.
d. Articulate risk.
e. Define a risk management portfolio.
f. Respond to risk.
In the operations phase, COBIT offers a process to take care of IT security - Deliver, Service and Support (DSS05). The sub-processes offered include:
a. Protect against malware.
b. Manage network and connectivity security.
c. Manage endpoint security.
d. Manage user identity and logical access.
e. Manage physical access to IT assets.
f. Manage sensitive documents and output devices.
g. Monitor the infrastructure for security-related events.
I like your concise way of making the processes relevant.