News & Media

GARP: Updated U.S. Cyber Guidelines Place Emphasis on Risk Governance

Date published:

Dec 1, 2023

No items found.
SHARE ON
SHARE ON

GARP

December 1, 2023

The GARP (Global Association of Risk Professionals) article by David Weldon highlights a recent move by the National Institute of Standards and Technology (NIST) to update its Cybersecurity Framework (CSF) to add a new governance pillar.  The CSF has guided finance and other critical infrastructures’ preparedness for and responsiveness to cyber threats for nearly a decade – and the most recent move, according to the article, is the framework’s first complete makeover.

The U.S. Department of Commerce agency, according to the article, said there is “widespread agreement that changes are warranted to address current and future cybersecurity challenges and to make it easier for organizations to use the framework.”

VikingCloudglobal security architect, Fayyaz Makhani, is quoted several times in the article, explaining that the new governance pillar elevates the importance of cyber risk management in business and compliance outcomes: “Cybersecurity is not just a technical matter, but also a governance and organizational issue.  It emphasizes that effective cybersecurity requires not only implementing technical safeguards, but also having clear policies, procedures, and roles in place to manage and govern cybersecurity risks.”

For more on how the 10-year-old NIST framework’s update draws from and expands the applicability of proven practices in financial services and other critical sectors to improve companies’ cybersecurity posture, read the full article at garp.org.

SHARE ON