Unpacking the NIST cybersecurity framework 2.0

The NIST cybersecurity framework (CSF) helps organizations improve risk management using common language that focuses on business drivers to enhance cybersecurity. NIST CSF 1.0 was released in February 2014, and version 1.1 in April 2018. In February 2024, NIST released its newest CSF iteration: 2.0. The journey to CSF 2.0 began with a request for […]

The post Unpacking the NIST cybersecurity framework 2.0 appeared first on Security Intelligence.

How NIST Cybersecurity Framework 2.0 Tackles Risk Management

The NIST Cybersecurity Framework 2.0 (CSF) is moving into its final stages before its 2024 implementation. After the public discussion period to inform decisions for the framework closed in May, it’s time to learn more about what to expect from the changes to the guidelines. The updated CSF is being aligned with the Biden Administration’s […]

The post How NIST Cybersecurity Framework 2.0 Tackles Risk Management appeared first on Security Intelligence.

Everything CISOs Need to Know About NIST

It’s never been harder to be a chief information security officer (CISO). In 2021, there were 50% more attacks each week compared to 2020. Without a plan, maintaining a robust security posture is an uphill struggle. Thankfully, the National Institute of Standards and Technology (NIST) offers CISOs the guidance they need. Read on to learn […]

The post Everything CISOs Need to Know About NIST appeared first on Security Intelligence.

MITRE ATT&CK and SIEM Rules: What Should Your Expectations Be?

The MITRE ATT&CK threat framework is seemingly everywhere these days, and with good reason. It is an invaluable tool for understanding the various methods, or, as MITRE refers to them, Tactics and Techniques, employed by threat actors. It offers annotated and curated details about those methods, and it provides the capability to visualize this data […]

The post MITRE ATT&CK and SIEM Rules: What Should Your Expectations Be? appeared first on Security Intelligence.

A Journey in Organizational Resilience: Geopolitical and Socio-Economic Trends and Threats

The last stop on our organizational resilience journey touches one of the issues organizations have the least control over: geopolitical and socio-economic trends and threats. However, they can be some of the most impactful on your organization. Today, the ubiquitous use of interconnected information systems to carry commerce exists on a scale that never did […]

The post A Journey in Organizational Resilience: Geopolitical and Socio-Economic Trends and Threats appeared first on Security Intelligence.

A Journey in Organizational Resilience: Supply Chain and Third Parties

The next stop on our journey focuses on those that you rely on: supply chains and third parties. Working with external partners can be difficult. But, there is a silver lining. Recent attacks have resulted in an industry wake-up call when it comes to cybersecurity resilience. You see, the purpose of using external partners is […]

The post A Journey in Organizational Resilience: Supply Chain and Third Parties appeared first on Security Intelligence.

A Journey in Organizational Resilience: Privacy

Privacy concerns may not be the first issue that comes to mind when building an enterprise cyber resilience plan. However, you should expect them to gain prominence. For perspective, consider for a moment that the NIST Privacy Framework is a relatively new tool. It was only first deployed in January 2020. Even ISO only released […]

The post A Journey in Organizational Resilience: Privacy appeared first on Security Intelligence.

A Journey in Organizational Resiliency: Governance

From governance comes everything else. It would be reasonable if this journey in organizational resilience started with the governance theme. In fact, many important standards or cybersecurity frameworks begin with policy development. For example: NIST SP 800-34: The first step in contingency planning is policy development. NIST Cybersecurity Framework: Part of the first step, Identify, […]

The post A Journey in Organizational Resiliency: Governance appeared first on Security Intelligence.

A Journey in Organizational Resilience: Crisis Management

So far in this organizational resilience journey, we have focused mainly on the planning phase, or, as some call it, ‘left of the boom’. For a moment, let’s look at a ‘right of the boom’ (post-incident) theme: crisis management (CM), an important component of your cyber resilience planning. A good CM plan will be part of […]

The post A Journey in Organizational Resilience: Crisis Management appeared first on Security Intelligence.

Zero Trust: Remote Security For Now and the Future

This summer, my to-do list was full of stories about cybersecurity issues related to hybrid work. I was hopeful that the path to the end of the pandemic was ahead of us. Many companies announced their plans for keeping fully remote or hybrid workforce models with as much certainty as possible during a global pandemic. […]

The post Zero Trust: Remote Security For Now and the Future appeared first on Security Intelligence.
