Sign in Subscribe

Latest

NIST CSF 2.0 – Identify Function Deep Dive: Asset Management (ID.AM)

NIST CSF 2.0 – Identify Function Deep Dive: Asset Management (ID.AM)

If you ask most CISOs where breaches really start, the answer is rarely “lack of tools.” It’s almost always lack of clarity. You cannot protect what you do not know exists. That is why Asset Management (ID.AM) sits at the foundation of the NIST Cybersecurity Framework (CSF) 2.

Cybersecurity Governance That Works: A Board and Executive Guide to the NIST CSF 2.0 GOVERN Function

Cybersecurity Governance That Works: A Board and Executive Guide to the NIST CSF 2.0 GOVERN Function

Cybersecurity has permanently moved out of the data center and into the boardroom. Regulators, customers, and investors now expect senior leadership to understand, oversee, and deliberately manage cyber risk. The NIST Cybersecurity Framework 2.0 reflects this reality by elevating GOVERN to a first-class function—placing leadership accountability at

CISO Weekly Brief: Zero-Day Exploits, Identity Threats, and AI Abuse (Feb 12, 2026)

This week’s security landscape is marked by multiple zero-day vulnerabilities, sophisticated identity attacks, and the growing abuse of AI in cyber operations. CISOs should focus on rapid patching, monitoring for credential theft, and preparing for advanced threat scenarios. Below are the top items requiring executive attention, followed by

NIST CSF 2.0 – GOVERN (GV.SC): Governing Cyber Risk Beyond Your Organizational Boundaries

NIST CSF 2.0 – GOVERN (GV.SC): Governing Cyber Risk Beyond Your Organizational Boundaries

Cybersecurity governance does not stop at your network perimeter. Modern enterprises rely on a complex ecosystem of vendors, cloud providers, SaaS platforms, integrators, and partners. Each dependency introduces risk—often outside the direct control of the CISO. GV.SC (Supply Chain Risk Management) exists to ensure those risks are governed

CISO Brief: February 11, 2026 – Critical Vulnerabilities, Nation-State Threats, and Ransomware Developments

Staying ahead of emerging threats is essential for enterprise resilience. This week brings a mix of critical vulnerabilities, advanced ransomware, and sophisticated nation-state activity. CISOs should prioritize patching, review detection capabilities, and prepare executive responses to evolving risks. Below are the top items requiring immediate attention, notable developments, and

Choosing the Right Security Framework for Your Organization

Choosing the Right Security Framework for Your Organization

How to pick a framework that fits, scales, and actually covers what your business needs — including regulatory risk If you've spent any time in information security, you've heard the word "framework" thrown around a lot. NIST this, ISO that, somebody in the corner mumbling

NIST CSF 2.0 – GOVERN (GV.OV): Turning Governance Into Oversight That Works

NIST CSF 2.0 – GOVERN (GV.OV): Turning Governance Into Oversight That Works

In the previous post on GV.PO – Policies, Processes, and Procedures, we focused on how organizations define expectations for cybersecurity. But governance does not stop at documentation. Policies without oversight are aspirational at best—and risky at worst. This is where GV.OV (Oversight) comes in. Under NIST CSF 2.