InfoSec Archives - Page 2 of 3

William Tulaba Natick AI NIST CSF 2.0 Securing AI

Blog Series: Securing AI with the NIST Cybersecurity Framework 2.0 – Part 2: AI (ID.AM)

Part 2: AI Asset Management (ID.AM) Understanding the AI Attack Surface The first step in securing AI systems is knowing where they exist. Many organizations have limited visibility into the AI technologies being used across the enterprise. Employees may adopt generative AI tools independently, creating what is often referred to as “Shadow AI.” The Identify […]

Blog Series: Securing AI with the NIST Cybersecurity Framework 2.0 – Part 2: AI (ID.AM) Read More »

Blog Series: Securing AI with NIST CSF – Part 1: AI (GV.RM & GV.SC)

InfoSec / William Tulaba

Blog Series: Securing Artificial Intelligence with the NIST Cybersecurity Framework (CSF) 2.0

Blog Series: Securing AI with NIST CSF – Part 1: AI (GV.RM & GV.SC) Read More »

William Tulaba Natick NIST CSF 2.0 GV.OC-02

GV.OC-02: Internal and external stakeholders are understood, and their needs and expectations regarding cybersecurity risk management are understood and considered

InfoSec / William Tulaba

In cybersecurity, success isn’t measured solely by technical safeguards, it’s also about how well those controls reflect the expectations of the people who depend on your organization. Whether it’s customers expecting privacy, regulators demanding compliance, or employees relying on system reliability, these expectations form a key part of risk management. GV.OC-02, a subcategory within the

GV.OC-02: Internal and external stakeholders are understood, and their needs and expectations regarding cybersecurity risk management are understood and considered Read More »

William Tulaba Natick NIST CSF 2.0 GV.OC-01 organizational Context

GV.OC-01: The organizational mission is understood and informs cybersecurity risk management

InfoSec / William Tulaba

Let the Mission Lead: Connecting Purpose to Cybersecurity In NIST CSF 2.0, the Govern (GV) Function brings cybersecurity into the boardroom. And at the heart of this function lies GV.OC-01, a deceptively simple idea with powerful implications: “The organizational mission is understood and informs cybersecurity risk management.” This subcategory challenges organizations to go beyond tech

GV.OC-01: The organizational mission is understood and informs cybersecurity risk management Read More »

William Tulaba Natick NIST CSF 2.0 (Cybersecurity Framework)

GV.OC – Organizational Context

InfoSec / William Tulaba

The Foundation for Risk-Informed Cybersecurity In cybersecurity, context is everything. That’s the message behind GV.OC – Organizational Context, one of the six Categories under the new Govern (GV) Function in NIST CSF 2.0. It recognizes that cybersecurity strategies are only effective when they reflect the environment in which an organization operates—its mission, stakeholders, legal obligations,

GV.OC – Organizational Context Read More »

NIST CSF 2.0 – Govern (GV)

InfoSec / William Tulaba

Understanding the New “Govern” (GV) Function in NIST CSF 2.0 When NIST released the Cybersecurity Framework (CSF) 2.0, one of the most notable changes was the introduction of a sixth core function: Govern (GV). While the original CSF focused on technical and operational activities, Identify, Protect, Detect, Respond, and Recover—the addition of Govern reflects a

NIST CSF 2.0 – Govern (GV) Read More »

NIST Cybersecurity Framework (CSF) 2.0

InfoSec / William Tulaba

Navigating NIST CSF 2.0: What’s New, What Matters, and How to Get Started The release of the NIST Cybersecurity Framework (CSF) 2.0 marks a significant milestone in the evolution of cybersecurity risk management. Nearly a decade after the original framework’s debut, this latest version introduces critical updates designed to make the framework more actionable, inclusive,

NIST Cybersecurity Framework (CSF) 2.0 Read More »

William Tulaba Natick Massachusetts Security Integration

Cybersecurity Thoughts

InfoSec / William Tulaba

Cybersecurity is more critical than ever in today’s increasingly digital world. With cyber threats becoming more sophisticated, organizations must prioritize robust security frameworks to safeguard their data and maintain trust with clients.From the implementation of Zero Trust models to enhancing SIEM log management, to ensuring people, process, and technology are updated against threats, the goal

Cybersecurity Thoughts Read More »

William Tulaba Natick MA - williamtulaba william-tulaba InfoSec Natick

Closing out 2024

InfoSec, Personal / William Tulaba

As we close out 2024, it’s a great time to reflect on the strides made in cybersecurity and the challenges that continue to shape the field. This year has underscored the critical importance of proactive defense strategies, robust incident response capabilities, and the relentless pursuit of innovation to stay ahead of evolving threats. Some key

Closing out 2024 Read More »

William Tulaba Natick, MA Crowd Strike Outage

CrowdStrike Outage Lessons

InfoSec / William Tulaba

What are some lessons learned from the CrowdStrike outage? The CrowdStrike outage affected millions of people and systems. It taught us some valuable lessons to weather the next storm. To their credit, CrowdStrike found the issue quickly, turned around a fixed version of their update, and assisted customers affected with guidance and information on recovering.

CrowdStrike Outage Lessons Read More »

InfoSec

Get all the latest news and info sent to your inbox.