
NIST Cybersecurity Framework: A Skeptic’s Viewpoint
Date: August 27th, 2025
Time: 11:00AM EST
In February 2024 the US National Institute of Standards and Technology issued a second version of its Cybersecurity Framework (CSF). Much of the response from the cybersecurity community was laudatory, highlighting improvements relating to governance, supply chains, and its applicability to smaller enterprises. But few of the critiques asked a simple question: how does CSF 2.0 compare with the previous version, CSF 1.1? Had they done so, they might have noticed that although the number of subcategories relating to Governance increased from 4 to 31, the total number of subcategories increased by only 2. So something must have been left out. Moreover, by emphasizing the role of executive management, CSF 2.0 demotes cybersecurity professionals to mere practitioners. This presentation offers a skeptical analysis of CSF 2.0 and a pathway towards getting the most value out of the current and previous versions of the framework.
Presenter: Steven J. Ross, Executive Principal, New York, New York
Mr. Ross is Executive Principal of Risk Masters International and holds certification as a Certified Information Systems Security Professional (CISSP) as well as a Master Business Continuity Professional (MBCP), a Certified Information Systems Auditor (CISA) and a Certified Data Privacy Solutions Engineer (CDPSE). Mr. Ross is a specialist in the field of information systems security and control, with a focus on Information Security, Business Continuity Management, Data Privacy and IT Disaster Recovery Planning services. He has implemented Information Security programs for numerous banks, government agencies and industrial corporations. Prior to founding Risk Masters, Mr. Ross was a director and global practice leader with Deloitte & Touche.
In consulting engagements, he specializes in planning, policy development, implementation, and standardization of Information Security processes. In recent years, his focus has been on reliability, prevention, detection and recovery from the technical and business impact of cyberattacks. He has published a book, Creating a Culture of Security. He was editor of the multi-volume series, e-Commerce Security, and author of several of the books in the series, including e-Commerce Security: Public Key Infrastructure. Since 1998, Mr. Ross has regularly published the column, “IS Security Matters”, in the ISACA Journal. In 2022, he was inducted into the ISACA Hall of Fame.