In February 2024 the US National Institute of Standards and Technology issued a second version of its Cybersecurity Framework (CSF). Much of the response from the cybersecurity community was laudatory, highlighting improvements relating to governance, supply chains, and its applicability to smaller enterprises. But few of the critiques asked a simple question: How does CSF compare with the previous version, CSF 1.1. This presentation offers a skeptical analysis CSF 2.0 and offers a pathway towards getting the most value out of the current and previous versions of the framework.

Watch Now!