NIST cybersecurity framework 2.0 was just released – what do you think of the update so far?

Security & GRC Security Frameworks (NIST, CIS, CSF)

1.4k views5 Comments

Sort by:

Cyber risk / cyber insurance professional, CMO in Softwarea year ago

The addition of "GOVERN" as a first step is welcome. There is a need to help executive understand cyber risk challenges better and cybersecurity needs to be elevated to a business topic.
GOVERN is a starting point where some attention will need to be placed on Cyber Risk which is a starting point to better allocate cybersecurity effort. You can't solve all vulnerabilities but if you know where you're most at risk you can make better informed decision on how to allocate resources.

CISO in Healthcare and Biotecha year ago

CSF 2.0 is now available to organizations beyond critical infrastructure, providing support to all. Its focus is on governance and supply chain risks, and it includes helpful resources such as quick-start guides and a tailored implementation reference catalog. The framework encourages organizations to share their cybersecurity experiences with the community and is an effective way to manage risks.

Cyber risk / cyber insurance professional, CMO in Softwarea year ago

The addition of Govern as a first step will really help bridge the gap between cybersecurity as a technology topic and the need for business to understand and manage cyber risk with financial metrics.

CISO in Educationa year ago

The addition of Governance is long overdue!

Senior VP & CISOa year ago

Love the add of Governance

Content you might like

I'm looking to go for the Certified CISO certification & training as I'm an aspiring CISO. Any recommendations and additional certifications that I should be doing along with that? I already have CISSP.

Which cybersecurity metrics do you currently use with your board?

As enterprise AI adoption accelerates, how is your organization adapting its governance and risk oversight to keep pace?

Established AI governance framework with defined policies and oversight40%

Currently developing governance models and risk controls68%

Relying on existing security/compliance frameworks (no AI-specific policy)34%

No formal AI governance approach in place2%

View Results

What do you do to recover quickly from early missteps in a new role? How can you keep initial mistakes from coloring perceptions when you’re still trying to establish your reputation at a new organization?

Should public companies be required to have at least one board member with cyber experience?

Yes69%

No21%

It depends on the size/industry9%

I’m not sure…

View Results

NIST cybersecurity framework 2.0 was just released – what do you think of the update so far?

Sort by:

Content you might like

I'm looking to go for the Certified CISO certification & training as I'm an aspiring CISO. Any recommendations and additional certifications that I should be doing along with that? I already have CISSP.

Which cybersecurity metrics do you currently use with your board?

As enterprise AI adoption accelerates, how is your organization adapting its governance and risk oversight to keep pace?

What do you do to recover quickly from early missteps in a new role? How can you keep initial mistakes from coloring perceptions when you’re still trying to establish your reputation at a new organization?

Should public companies be required to have at least one board member with cyber experience?

What sets us apart?

RELATED ONE-MINUTE INSIGHTS

How are U.S. CISOs Addressing Liability Risk?

CrowdStrike Outage: Impact And Recovery

Impact & Perceptions of A Privacy-First Digital Era

Challenges & Tools For A Privacy-First Internet Age

IT and Infosec Collaboration on Vulnerability Patching

Take Your Insights On-the-Go