Without governance, investments in cybersecurity infrastructure will crash and burn.

Modern aircraft are highly sophisticated machines that have undergone rigorous testing and certification. But no matter how sophisticated the installed systems are or how thoroughly an aircraft is checked, safe flight still relies on pilots and the processes that support them. In other words, there remains a clear line between the platforms on which we fly and the actors who operate them. Additionally, when a warning light comes on due to an unexpected in-flight event (weather, mechanical, security, or another cause), it is the pilot’s situational awareness and response that matter, not the airplane’s qualifications. The same goes for cybersecurity. Over the past decade, we have rightly focused on building our infrastructure: devices, servers, software, platforms, playbooks, tools, processes, incident response procedures, certifications, and more. We have focused on building and equipping our “planes” to ensure safety.

These efforts must continue, but today the industry has matured. We’re at a point where just building infrastructure is no longer enough. We need to see how all these moving parts work together. There’s a shift from asking “What controls do we have?” to “How well are my controls working?” This shift is immediately evident in NIST’s just-released CSF 2.0 framework.

Introducing NIST CSF 2.0

As of this writing, it has been 10 years since NIST introduced the Cybersecurity Framework (CSF) 1.0. The CSF was created pursuant to a 2013 executive order that directed NIST to design a voluntary cybersecurity framework for managing cyber risks, providing guidance based on established standards and best practices.

The biggest cybersecurity challenges we faced in 2014 are hauntingly familiar to those we face today (in substance, if not in technology). A lot has changed since then, and the new CSF has been adapted to accommodate this new reality.

CSF 2.0 adds “governance” as one of the six core cybersecurity capabilities (in addition to identify, protect, detect, respond, and recover). These “capabilities” are actually NIST’s terms for desired cybersecurity outcomes. In short, cybersecurity governance is now considered a fundamental part of enterprise-wide cyber risk management.

Power to pilot: CISOs need data-driven tools for governance

Putting governance at the forefront is great news for cybersecurity and for organizations. But it’s more daunting news for the brave people who are expected to fly the cybersecurity plane: CISOs. Why? With the flood of data from the various tools that comprise today’s security stacks, there is no unified view of performance. This makes it difficult to identify critical gaps, measure progress, and optimize resources.

Despite the dire need for effective cyber governance highlighted by CSF 2.0, CISOs are still acting blindly.

To realize the promise of cyber governance, CISOs need better access to aggregated, accurate, and up-to-date information about infrastructure performance. For example, if a CISO has just hired a new team to handle EPP or code protection and has defined goals for the next quarter, she needs to know in real time whether the tools have been deployed and whether scans have run on the agreed cycles. She needs to track the team’s learning curve: is their MTTR for critical vulnerabilities improving, or do they need further training? She needs to understand on the fly whether there is a correlation between the two. She needs to know how completing security awareness training affects the organization’s overall security today, so she can address not only immediate concerns but also future risks.

In other words, it’s time for CISOs to embrace the data-driven tools that enable true governance, which their colleagues in other departments have been using for years.

AnyDesk Incident: Solemn Memories

Last month’s AnyDesk incident, in which a vulnerability in remote desktop software exposed millions of users to a potential breach, is a recent example of why better cybersecurity governance practices and tools are essential.

Thousands of such incidents occur every quarter. In this particular incident, organizations using the software immediately scrambled to determine which assets had the AnyDesk client installed and which versions of the client those assets were running. A scramble ensued. Had all AnyDesk clients been patched? Had any highly privileged users been compromised? Gathering answers to these basic questions about how well things are working took far too long for meaningful decisions to be made when they were needed.
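The questions raised above (which assets run which client version, whether they are all patched, whether privileged users are exposed) and the deployment and scan-cycle questions from the governance section can be answered from a continuously maintained asset inventory. The following is an added Python example, not code from the article or from any vendor; the inventory, the reference date and the FIXED_VERSION placeholder are constructed assumptions, since the article names no specific version.

```python
from dataclasses import dataclass
from datetime import date

# Constructed placeholder: the first client version treated as patched.
# The article gives no version; substitute the value from the vendor advisory.
FIXED_VERSION = "8.0.0"
SCAN_CYCLE_DAYS = 7          # agreed scan cycle from the governance goals
TODAY = date(2024, 3, 1)     # constructed reference date for scan freshness

@dataclass
class Asset:
    host: str
    product: str             # "other" when the client is not installed
    version: str             # "" when not installed
    privileged_users: int    # number of highly privileged accounts on the host
    last_scan: date

def parse_version(v: str) -> tuple:
    """Turn '7.0.14' into (7, 0, 14) so versions compare numerically, not as strings."""
    return tuple(int(p) for p in v.split("."))

def is_patched(v: str) -> bool:
    return parse_version(v) >= parse_version(FIXED_VERSION)

def governance_view(assets, today=TODAY):
    """Return the answers a CISO needs: exposure, patch coverage, and scan freshness."""
    installed = [a for a in assets if a.product == "anydesk-client" and a.version]
    unpatched = [a for a in installed if not is_patched(a.version)]
    stale = [a for a in assets if (today - a.last_scan).days > SCAN_CYCLE_DAYS]
    coverage = 100 * (len(installed) - len(unpatched)) / len(installed) if installed else 100.0
    return {
        "installed": sorted(a.host for a in installed),
        "unpatched": sorted(a.host for a in unpatched),
        "unpatched_privileged": sorted(a.host for a in unpatched if a.privileged_users > 0),
        "patch_coverage_pct": round(coverage, 1),
        "stale_scan_hosts": sorted(a.host for a in stale),
    }

# Constructed sample inventory (hostnames, versions and dates are made up)
INVENTORY = [
    Asset("ws-01", "anydesk-client", "7.1.8", 0, date(2024, 2, 28)),
    Asset("ws-02", "anydesk-client", "8.0.0", 0, date(2024, 2, 29)),
    Asset("jump-01", "anydesk-client", "7.0.14", 2, date(2024, 2, 10)),
    Asset("srv-01", "other", "", 3, date(2024, 2, 27)),
]

if __name__ == "__main__":
    for key, value in governance_view(INVENTORY).items():
        print(f"{key}: {value}")
```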

This is where governance comes into play. Waiting for a crisis to unfold before gaining visibility into critical controls will significantly increase response time and pose much greater risk. This reactive approach leaves organizations more vulnerable and constantly trying to catch up with new threats instead of proactively managing them.

Effective ongoing cybersecurity governance manages the risk of incidents like AnyDesk. When CISOs have access to real-time data, they can continuously measure and optimize performance during new or ongoing incidents. They can see the big picture, set priorities correctly, and avoid the scramble to gather information.

Just as pilot awareness is critical in the event of an unexpected aviation incident, there is a need for a shift from the traditional infrastructure focus of cybersecurity to better governance. While the industry has traditionally focused on building and equipping the cybersecurity “plane” (platforms, tools, and processes), it needs to evolve.

The introduction of NIST CSF 2.0 and the inclusion of “governance” as a core capability represents a paradigm shift. The next decade of cybersecurity will be about not just having controls, but measuring their performance, and managing based on a continuous view of the big picture rather than measuring in silos. Now is the time for CISOs to leverage advanced data-driven cyber governance tools for a more secure cyber journey.

Image source: Domagoj Ćosić (Unsplash license)
