Updated NIST Cybersecurity Framework praised

SecurityWeek reports that cybersecurity experts have lauded the National Institute of Standards and Technology's newly released Cybersecurity Framework 2.0 for expanded coverage and additional resources catering to all organizations, unlike the initial version's focus on critical infrastructure entities alone.NIST's inclusion of governance as a key tenet of cybersecurity has been praised by Axio Senior Cybersecurity Advisor Richard Caralli, Radiant Logic Chief Information Security Officer Chad McDonald, Clearwater Vice President of Consulting Services Dave Bailey, and Bishop Fox Senior Security Consultant Sebs Guerrero Selma. "Governance is becoming imperative as organizations realize the need for proper senior management and Board oversight, and this update aligns well with the SEC's recent cybersecurity rulings that more prominently involve better organizational oversight," said Caralli. Despite overall positive feedback on CSF 2.0, additional improvements could still be done, with Resilience co-founder Davis Hake noting the importance of emphasizing risk transfers and cyber risk quantification and prioritization. On the other hand, Menlo Security Vice President of Security Strategy Andrew Harding stressed the value of bolstering the detect and respond paradigm with defense in depth.