"Real Vulnerability Management Goes Beyond NIST's Cybersecurity Framework"

Skybox Security's technical director, Ed Mosquera, urges local government agencies to develop a proactive, risk-based approach to cybersecurity rather than relying solely on the National Institute of Standards and Technology's (NIST) Cybersecurity Framework, because simply being NIST compliant is not enough to keep data and networks secure. Government agencies invest heavily in technology to protect their systems in accordance with the NIST framework. As a result, agencies that have completed the checklist may believe they are safe, but this type of thinking leads to unnoticed vulnerabilities that malicious actors can exploit. The NIST compliance framework was created to help companies better understand and manage network and data risks. Gaps remain even when complying with such frameworks, so they should be only one component of a security strategy. A piecemeal approach to cybersecurity based on reactive cybersecurity frameworks is now ineffective. Due to the pandemic, security teams have had to face quickly changing regulatory requirements as well as an increasingly aggressive threat landscape. A proactive, risk-based approach to cybersecurity builds a secure network architecture on top of compliance frameworks. This article continues to discuss the importance of going beyond the NIST framework and the components for successfully implementing a proactive, risk-based cybersecurity strategy.

GCN reports "Real Vulnerability Management Goes Beyond NIST's Cybersecurity Framework"

Submitted by Anonymous on