NIST cybersecurity framework 2.0 was just released – what do you think of the update so far?

Security & GRC Security Strategy & Roadmap

1.5k views5 Comments

Sort by:

Chief Marketing Officer in Software2 years ago

The addition of "GOVERN" as a first step is welcome. There is a need to help executive understand cyber risk challenges better and cybersecurity needs to be elevated to a business topic.
GOVERN is a starting point where some attention will need to be placed on Cyber Risk which is a starting point to better allocate cybersecurity effort. You can't solve all vulnerabilities but if you know where you're most at risk you can make better informed decision on how to allocate resources.

CISO in Healthcare and Biotech2 years ago

CSF 2.0 is now available to organizations beyond critical infrastructure, providing support to all. Its focus is on governance and supply chain risks, and it includes helpful resources such as quick-start guides and a tailored implementation reference catalog. The framework encourages organizations to share their cybersecurity experiences with the community and is an effective way to manage risks.

Chief Marketing Officer in Software2 years ago

The addition of Govern as a first step will really help bridge the gap between cybersecurity as a technology topic and the need for business to understand and manage cyber risk with financial metrics.

CISO in Education2 years ago

The addition of Governance is long overdue!

Senior VP & CISO2 years ago

Love the add of Governance

Content you might like

How have you adjusted the architecture of your controls for data, identity and access to better support AI governance and security?

What are your preferred tactics for building effective collaboration on cross-functional teams involved in AI governance and risk management (e.g., joint steering committees, shared KPIs, etc.)? Which roles are currently involved?

What processes do you follow to audit AI models for compliance with evolving privacy regulations? How frequently do you run these audits?

What sorts of tools are you currently using to inventory cryptography usage throughout the enterprise? (Choose all applicable)

Key management system or certificate life cycle management

Network security appliance 40%

Custom/proprietary solution 20%

App security posture management (ASPM) tool 80%

Cryptographic posture management tool 20%

Something else

N/A

View Results

Are you feeling confident that you know the full extent of GenAI use at your org?

Very confident14%

Confident – there could be some shadow AI but I doubt it49%

Sort of confident – some shadow AI, but aware of the important stuff28%

Not confident – still trying to determine extent of GenAI use8%

View Results

NIST cybersecurity framework 2.0 was just released – what do you think of the update so far?

Sort by:

Content you might like

How have you adjusted the architecture of your controls for data, identity and access to better support AI governance and security?

What are your preferred tactics for building effective collaboration on cross-functional teams involved in AI governance and risk management (e.g., joint steering committees, shared KPIs, etc.)? Which roles are currently involved?

What processes do you follow to audit AI models for compliance with evolving privacy regulations? How frequently do you run these audits?

What sorts of tools are you currently using to inventory cryptography usage throughout the enterprise? (Choose all applicable)

Are you feeling confident that you know the full extent of GenAI use at your org?

What sets us apart?

RELATED ONE-MINUTE INSIGHTS

How are U.S. CISOs Addressing Liability Risk?

CrowdStrike Outage: Impact And Recovery

Impact & Perceptions of A Privacy-First Digital Era

Challenges & Tools For A Privacy-First Internet Age

IT and Infosec Collaboration on Vulnerability Patching

Take Your Insights On-the-Go