CISA’s critical infrastructure performance goals win praise, but questions remain about effectiveness

The performance goals that industrial cybersecurity experts welcomed could be overshadowed by incoming mandates.

The post CISA’s critical infrastructure performance goals win praise, but questions remain about effectiveness appeared first on CyberScoop.

Here comes the bride: New map matches threat intel to cyber defenses

A popular method that organizations lean on to reduce their cybersecurity risks is marrying a popular tool that cyber pros consult when they analyze hacking groups — in a way they think everyone can use. The project to conjoin the National Institute of Standards and Technology’s cybersecurity framework and MITRE ATT&CK framework, announced Tuesday, comes with backing from big players: JPMorgan Chase, a nonprofit center operated by an offshoot of MITRE, the cybersecurity company AttackIQ and the nonprofit Center for Internet Security that’s perhaps best known for its work with state and local governments. The idea behind the mapping project is to harmonize the risk management sides of cyber with the threat intelligence side of cyber, via models that any organization can employ. Usually unifying those two sides would be something that only a large outfit, like the U.S. military or major investment banks, would be able to pull off, […]

The post Here comes the bride: New map matches threat intel to cyber defenses appeared first on CyberScoop.

Your NIST Cybersecurity Framework Assessment Tool – What to Look For

The National Institute of Standards and Technology developed the Framework for Improving Critical Infrastructure Cybersecurity, later dubbed the NIST Cybersecurity Framework (CSF), from a presidential executive order to support critical functions …

Integrating GRC: Compliance, Regulations, and Futureproofing Your Cybersecurity Program

In our Integrating Governance Risk and Compliance series, CyberSaint leadership explores the process through which cybersecurity leaders can reconfigure their organizations to support the new paradigm of information security as a business function…