Security News
It’s been a decade since the National Institute of Standards and Technology (NIST) introduced its Cybersecurity Framework (CSF) 1.0. Created following a 2013 Executive Order, NIST was tasked with...
Week in review: Attackers trying to access Check Point VPNs, NIST CSF 2.0 security metrics evolution
Attackers are probing Check Point Remote Access VPN devicesAttackers are trying to gain access to Check Point VPN devices via local accounts protected only by passwords, the company has warned on Monday. The evolution of security metrics for NIST CSF 2.0Combining effective use of metrics plus a deeper understanding of how security processes play out is the best way to build more security agility and enable teams to react more quickly and effectively.
The NIST Cybersecurity Framework 2.0 underscored that metrics like these alone are insufficient and probably even improper when used as proxies for security outcomes. Combining effective use of metrics plus a deeper understanding of how security processes play out is the best way to build more security agility and enable teams to react more quickly and effectively.
NIST has expanded the CSF's core guidance and developed related resources to help users get the most out of the framework."The NIST CSF 2.0 update significantly impacts the security of software supply chains, addressing the integration of open source, commercial components, in-house developed software, and Commercial Off-The-Shelf products. NIST CSF 2.0 could be a key instrument for helping CISOs better define and build up controls that will improve security outcomes, providing direction to address critical asset protection, reduce or eliminate risk of material impact, and prevent any breach of duty for failing to adhere to regulatory and compliance regulations," Saša Zdjelar, Chief Trust Officer at ReversingLabs, told Help Net Security.