NIST cybersecurity framework 2.0 was just released – what do you think of the update so far?

Security & GRCSecurity Strategy & Roadmap
1.5k viewscircle icon5 Comments
Sort by:
Cyber risk / cyber insurance professional, CMO in Software2 years ago

The addition of "GOVERN" as a first step is welcome. There is a need to help executive understand cyber risk challenges better and cybersecurity needs to be elevated to a business topic. 
GOVERN is a starting point where some attention will need to be placed on Cyber Risk which is a starting point to better allocate cybersecurity effort. You can't solve all vulnerabilities but if you know where you're most at risk you can make better informed decision on how to allocate resources. 

CISO in Healthcare and Biotech2 years ago

CSF 2.0 is now available to organizations beyond critical infrastructure, providing support to all. Its focus is on governance and supply chain risks, and it includes helpful resources such as quick-start guides and a tailored implementation reference catalog. The framework encourages organizations to share their cybersecurity experiences with the community and is an effective way to manage risks.

Cyber risk / cyber insurance professional, CMO in Software2 years ago

The addition of Govern as a first step will really help bridge the gap between cybersecurity as a technology topic and the need for business to understand and manage cyber risk with financial metrics. 

Lightbulb on1
CISO in Education2 years ago

The addition of Governance is long overdue!  

Senior VP & CISO2 years ago

Love the add of Governance

Content you might like

Has anyone gone through the UK's Cybersecurity Essentials Plus certification and if so, would you be willing to share with me your experience and what was involved? I just want to make sure I understand what is involved and what is in scope.

What technologies, in your opinion, will have the greatest impact on crisis management in 2024? Please write a comment how you would use the technology to manage or prevent a crisis.

Artificial Intelligence and Machine Learning23%

Blockchain21%

Internet of Things (IoT)19%

Big Data and Analytics12%

Clouds8%

Automation and robotics5%

Cybersecurity11%

Other (please specify in comment)1%

View Results

We’re evaluating a new ERP. Our company, PROENERGY is a vertically integrated power partner (gas plant design/build, O&M, manufacturing including our PE6000 turbine, and 2.6 GW ERCOT operations).

Considering: SAP Public Cloud, Oracle Fusion Cloud, Microsoft Dynamics, IFS, and Infor Construction Cloud.

Key needs: manufacturing, complex structure with built-in consolidation/reporting, long-range planning, procurement/inventory, and core accounting.

We use Microsoft Dynamics today for CRM/Field Service. Biggest concerns: implementation partners and support resources.

Would love your thoughts.

Read More Comments

Has anyone used CMMI Cybermaturity framework to benchmark or improve Cybersecurity maturity? I believe it is suitable to large organizations and not small or medium ones. It also needs a lot of time in order to show improvements, do you agree?

Read More Comments

Are you concerned that potential cuts to CISA’s funding/headcount (in the proposed Fed budget for 2026) could lead to increased cyber risks to your org?

Extremely concerned8%

Very concerned33%

Moderately concerned56%

Slightly concerned3%

Not at all concerned

View Results