InfoSec Archives - William Tulaba

William Tulaba Natick AI NIST CSF 2.0 Securing AI

Blog Series: Securing AI with the NIST Cybersecurity Framework 2.0 – Part 5 AI (RS.MI)

Part 5: AI Incident Response (RS.MI) Preparing for AI Security Incidents AI introduces new types of cybersecurity incidents that traditional response plans may not fully address. Examples include: Exposure of confidential data through generative AI outputs Manipulation of AI models affecting automated decisions Compromised training data altering system behavior Abuse of AI tools for internal […]

Blog Series: Securing AI with the NIST Cybersecurity Framework 2.0 – Part 5 AI (RS.MI) Read More »

Blog Series: Securing AI with the NIST Cybersecurity Framework 2.0 – Part 4 AI (DE.CM)

InfoSec / William Tulaba

Part 4: AI Threat Detection (DE.CM) Monitoring AI Systems and AI-Enabled Attacks Artificial intelligence is enabling new forms of cyberattacks, including: AI-generated phishing campaigns Deepfake impersonation attempts Automated vulnerability discovery Manipulation of AI models through crafted inputs The Detect function of NIST CSF 2.0 focuses on identifying cybersecurity events quickly through continuous monitoring. Monitoring AI

Blog Series: Securing AI with the NIST Cybersecurity Framework 2.0 – Part 4 AI (DE.CM) Read More »

Blog Series: Securing AI with the NIST Cybersecurity Framework 2.0 – Part 3 AI (PR.DS)

InfoSec / William Tulaba

Part 3: AI Data Security & Data Security Posture Management (PR.DS) Data Is the Foundation of AI Artificial intelligence systems depend heavily on data. Training datasets, model outputs, and user prompts may contain sensitive business information. The Protect function of NIST CSF 2.0 emphasizes safeguarding data from unauthorized access and misuse. Protecting AI Training Data

Blog Series: Securing AI with the NIST Cybersecurity Framework 2.0 – Part 3 AI (PR.DS) Read More »

Blog Series: Securing AI with the NIST Cybersecurity Framework 2.0 – Part 2: AI (ID.AM)

InfoSec / William Tulaba

Part 2: AI Asset Management (ID.AM) Understanding the AI Attack Surface The first step in securing AI systems is knowing where they exist. Many organizations have limited visibility into the AI technologies being used across the enterprise. Employees may adopt generative AI tools independently, creating what is often referred to as “Shadow AI.” The Identify

Blog Series: Securing AI with the NIST Cybersecurity Framework 2.0 – Part 2: AI (ID.AM) Read More »

Blog Series: Securing AI with NIST CSF – Part 1: AI (GV.RM & GV.SC)

InfoSec / William Tulaba

Blog Series: Securing Artificial Intelligence with the NIST Cybersecurity Framework (CSF) 2.0

Blog Series: Securing AI with NIST CSF – Part 1: AI (GV.RM & GV.SC) Read More »

William Tulaba Natick NIST CSF 2.0 GV.OC-02

GV.OC-02: Internal and external stakeholders are understood, and their needs and expectations regarding cybersecurity risk management are understood and considered

InfoSec / William Tulaba

In cybersecurity, success isn’t measured solely by technical safeguards, it’s also about how well those controls reflect the expectations of the people who depend on your organization. Whether it’s customers expecting privacy, regulators demanding compliance, or employees relying on system reliability, these expectations form a key part of risk management. GV.OC-02, a subcategory within the

GV.OC-02: Internal and external stakeholders are understood, and their needs and expectations regarding cybersecurity risk management are understood and considered Read More »

William Tulaba Natick NIST CSF 2.0 GV.OC-01 organizational Context

GV.OC-01: The organizational mission is understood and informs cybersecurity risk management

InfoSec / William Tulaba

Let the Mission Lead: Connecting Purpose to Cybersecurity In NIST CSF 2.0, the Govern (GV) Function brings cybersecurity into the boardroom. And at the heart of this function lies GV.OC-01, a deceptively simple idea with powerful implications: “The organizational mission is understood and informs cybersecurity risk management.” This subcategory challenges organizations to go beyond tech

GV.OC-01: The organizational mission is understood and informs cybersecurity risk management Read More »

William Tulaba Natick NIST CSF 2.0 (Cybersecurity Framework)

GV.OC – Organizational Context

InfoSec / William Tulaba

The Foundation for Risk-Informed Cybersecurity In cybersecurity, context is everything. That’s the message behind GV.OC – Organizational Context, one of the six Categories under the new Govern (GV) Function in NIST CSF 2.0. It recognizes that cybersecurity strategies are only effective when they reflect the environment in which an organization operates—its mission, stakeholders, legal obligations,

GV.OC – Organizational Context Read More »

NIST CSF 2.0 – Govern (GV)

InfoSec / William Tulaba

Understanding the New “Govern” (GV) Function in NIST CSF 2.0 When NIST released the Cybersecurity Framework (CSF) 2.0, one of the most notable changes was the introduction of a sixth core function: Govern (GV). While the original CSF focused on technical and operational activities, Identify, Protect, Detect, Respond, and Recover—the addition of Govern reflects a

NIST CSF 2.0 – Govern (GV) Read More »

NIST Cybersecurity Framework (CSF) 2.0

InfoSec / William Tulaba

Navigating NIST CSF 2.0: What’s New, What Matters, and How to Get Started The release of the NIST Cybersecurity Framework (CSF) 2.0 marks a significant milestone in the evolution of cybersecurity risk management. Nearly a decade after the original framework’s debut, this latest version introduces critical updates designed to make the framework more actionable, inclusive,

NIST Cybersecurity Framework (CSF) 2.0 Read More »

InfoSec

Get all the latest news and info sent to your inbox.