Cybersecurity Governance: A Guide for Businesses to Follow


Cybersecurity governance is becoming vitally important for organizations today, with senior leadership, customers, business partners, regulators and others expecting sound cybersecurity governance programs to be built into an organization’s cybersecurity strategy.

The demand for stronger guidance on cybersecurity governance led to a significant addition to the NIST Cybersecurity Framework version 2.0, published in 2024. The update added an entire function dedicated to governance, which NIST defines as responsible for ensuring that an “organization’s cybersecurity risk management strategy, expectations, and policy are established, communicated, and monitored.”

Under the revised framework, cybersecurity governance serves as the foundation for a business’s cybersecurity risk management programs and practices, including asset identification, risk assessment, asset protection, continuous monitoring, and incident detection, response and recovery capabilities. Without governance, risk management programs and security controls are far more likely to have significant deficiencies, ultimately leading to more incidents and bigger negative impacts from incidents.

This article…
