Modern aircraft are complex machines that undergo extensive testing and certifications. However, the safety of flying ultimately relies on pilots and the support processes. In cybersecurity, much like in aviation, it’s not just about the technology in place but also about how well individuals can respond to unexpected events.
While we have focused on building a secure infrastructure in cybersecurity, we now need to consider how all elements can work together more effectively. The release of the NIST CSF 2.0 framework reflects this shift in mindset.
Introducing NIST CSF 2.0
A decade after the introduction of the Cybersecurity Framework (CSF) 1.0, NIST has updated it to meet the changing landscape of cybersecurity challenges. CSF 2.0 now includes governance as a core function, emphasizing the importance of cybersecurity governance in managing cyber risks.
Power to the Pilot: CISOs Need Data-Driven Tools for Governance
Despite the introduction of governance in CSF 2.0, Chief Information Security Officers (CISOs) are still facing challenges in managing their cybersecurity programs. They need better data-driven tools to have a unified view of their infrastructure’s performance and optimize their resources effectively.
The AnyDesk Incident: A Stark Reminder
The recent AnyDesk incident serves as a reminder of the importance of effective cybersecurity governance. Organizations need to have real-time visibility into their controls to respond to incidents promptly and manage risks effectively.
The Bottom Line
Just as pilot awareness is crucial in aviation, cybersecurity needs to shift its focus from infrastructure to governance. The inclusion of governance as a core function in NIST CSF 2.0 marks a paradigm shift towards evaluating the performance of controls and managing cyber risks holistically. It’s time for CISOs to embrace advanced data-driven tools for a safer cyber journey.
Image source: Domagoj Ćosić (Unsplash license)