NIST cybersecurity framework 2.0 was just released – what do you think of the update so far?

Security & GRC Security Strategy & Roadmap

1.5k views5 Comments

Sort by:

Cyber risk / cyber insurance professional, CMO in Software2 years ago

The addition of "GOVERN" as a first step is welcome. There is a need to help executive understand cyber risk challenges better and cybersecurity needs to be elevated to a business topic.
GOVERN is a starting point where some attention will need to be placed on Cyber Risk which is a starting point to better allocate cybersecurity effort. You can't solve all vulnerabilities but if you know where you're most at risk you can make better informed decision on how to allocate resources.

CISO in Healthcare and Biotech2 years ago

CSF 2.0 is now available to organizations beyond critical infrastructure, providing support to all. Its focus is on governance and supply chain risks, and it includes helpful resources such as quick-start guides and a tailored implementation reference catalog. The framework encourages organizations to share their cybersecurity experiences with the community and is an effective way to manage risks.

Cyber risk / cyber insurance professional, CMO in Software2 years ago

The addition of Govern as a first step will really help bridge the gap between cybersecurity as a technology topic and the need for business to understand and manage cyber risk with financial metrics.

CISO in Education2 years ago

The addition of Governance is long overdue!

Senior VP & CISO2 years ago

Love the add of Governance

Content you might like

If you have a budget to improve your security operations, are you planning to invest in any of the following initiatives?

Analytics platforms to automate the detection of threats across endpoints, networks, and identities.63%

Solutions to automate the response to threats across endpoints, networks, and other systems.52%

None of the above1%

View Results

What adjustments are you planning to make to your org’s cyber budget for 2026 (if any)?

Do you roll out special initiatives, training or events for cybersecurity awareness month?

Yes, every year!24%

Yes, most years64%

No, but we might start next year9%

No2%

View Results

When it comes to running phishing simulation campaigns. What is the best practice on how often they should be run and at what cadence should phishing simulation emails be sent out? Some organizations only run a campaign once per quarter sending out a simulated phishing email about once per week while other organizations run continuous campaigns sending out phishing simulations about once every 2 weeks. What are other organizations doing and what is the best practice?

What sorts of challenges have you encountered in adapting your governance framework to address AI adoption across business units, and how are you attempting to resolve these?

NIST cybersecurity framework 2.0 was just released – what do you think of the update so far?

Sort by:

Content you might like

If you have a budget to improve your security operations, are you planning to invest in any of the following initiatives?

What adjustments are you planning to make to your org’s cyber budget for 2026 (if any)?

Do you roll out special initiatives, training or events for cybersecurity awareness month?

What sorts of challenges have you encountered in adapting your governance framework to address AI adoption across business units, and how are you attempting to resolve these?

What sets us apart?

RELATED ONE-MINUTE INSIGHTS

How are U.S. CISOs Addressing Liability Risk?

CrowdStrike Outage: Impact And Recovery

Impact & Perceptions of A Privacy-First Digital Era

Challenges & Tools For A Privacy-First Internet Age

IT and Infosec Collaboration on Vulnerability Patching

Take Your Insights On-the-Go