Sign in Subscribe

Brian Weidner

Brian Weidner

NIST CSF 2.0 – Identify Function Deep Dive: Risk Assessment (ID.RA)

NIST CSF 2.0 – Identify Function Deep Dive: Risk Assessment (ID.RA)

If Asset Management answers “What do we have?”, Risk Assessment answers the more important question: “What could realistically go wrong, and what actually matters?” In NIST CSF 2.0, Risk Assessment (ID.RA) is no longer a compliance checkbox or an annual spreadsheet exercise. It is positioned as a living,

NIST CSF 2.0 – Identify Function Deep Dive: Asset Management (ID.AM)

NIST CSF 2.0 – Identify Function Deep Dive: Asset Management (ID.AM)

If you ask most CISOs where breaches really start, the answer is rarely “lack of tools.” It’s almost always lack of clarity. You cannot protect what you do not know exists. That is why Asset Management (ID.AM) sits at the foundation of the NIST Cybersecurity Framework (CSF) 2.

Cybersecurity Governance That Works: A Board and Executive Guide to the NIST CSF 2.0 GOVERN Function

Cybersecurity Governance That Works: A Board and Executive Guide to the NIST CSF 2.0 GOVERN Function

Cybersecurity has permanently moved out of the data center and into the boardroom. Regulators, customers, and investors now expect senior leadership to understand, oversee, and deliberately manage cyber risk. The NIST Cybersecurity Framework 2.0 reflects this reality by elevating GOVERN to a first-class function—placing leadership accountability at

CISO Weekly Brief: Zero-Day Exploits, Identity Threats, and AI Abuse (Feb 12, 2026)

This week’s security landscape is marked by multiple zero-day vulnerabilities, sophisticated identity attacks, and the growing abuse of AI in cyber operations. CISOs should focus on rapid patching, monitoring for credential theft, and preparing for advanced threat scenarios. Below are the top items requiring executive attention, followed by

NIST CSF 2.0 – GOVERN (GV.SC): Governing Cyber Risk Beyond Your Organizational Boundaries

NIST CSF 2.0 – GOVERN (GV.SC): Governing Cyber Risk Beyond Your Organizational Boundaries

Cybersecurity governance does not stop at your network perimeter. Modern enterprises rely on a complex ecosystem of vendors, cloud providers, SaaS platforms, integrators, and partners. Each dependency introduces risk—often outside the direct control of the CISO. GV.SC (Supply Chain Risk Management) exists to ensure those risks are governed

CISO Brief: February 11, 2026 – Critical Vulnerabilities, Nation-State Threats, and Ransomware Developments

Staying ahead of emerging threats is essential for enterprise resilience. This week brings a mix of critical vulnerabilities, advanced ransomware, and sophisticated nation-state activity. CISOs should prioritize patching, review detection capabilities, and prepare executive responses to evolving risks. Below are the top items requiring immediate attention, notable developments, and

Choosing the Right Security Framework for Your Organization

Choosing the Right Security Framework for Your Organization

How to pick a framework that fits, scales, and actually covers what your business needs — including regulatory risk If you've spent any time in information security, you've heard the word "framework" thrown around a lot. NIST this, ISO that, somebody in the corner mumbling