Geoff Hancock, Deputy CEO and CISO for Access Point Consulting, discusses NIST CSF versions 1.1 and 2.0. Highlights of the conversation include the role of frameworks in cybersecurity, the changes in CSF 2.0, the addition of the Govern (GV) function, the long-overdue Implementation Examples, and the focus on supply chain. The episode also explores starting small with a lightweight framework, the difference between compliance and security, and the importance of supply chain risk management.
The new version of the CSF introduces the Govern (GV) function, emphasizing the need for cybersecurity to align with business objectives and context.
CSF 2.0 highlights the importance of maturity in cybersecurity, prompting organizations to continuously improve their security posture to keep pace with evolving business goals and the risk landscape.
Deep dives
The importance of governance in cybersecurity
The new version of the Cybersecurity Framework (CSF) introduces the Govern (GV) function, highlighting the significance of managing and overseeing cybersecurity efforts across the organization. This function calls for a business-to-technology handshake, in which cybersecurity aligns with the overall business objectives and context. It encourages organizations to identify stakeholders, establish criteria for determining critical capabilities and services, and track legal and compliance obligations. By putting governance in place, organizations can prioritize investments, resources, and resilience strategies that match their own risks and mission.
Maturity as a key aspect of cybersecurity frameworks
The inclusion of the Improvement category (ID.IM) under the Identify function in CSF 2.0 emphasizes the importance of maturity in cybersecurity. It recognizes that organizations must continuously improve their security posture to keep pace with their evolving business goals and risk landscape. The category prompts organizations to adopt a maturity model that fits their context and lets them assess, measure, and communicate their progress. By taking a maturity-based approach, businesses can demonstrate resilience, respond better to regulatory requirements such as SEC reporting, and align their security practices with their future growth and protection needs.
Addressing supply chain risks
CSF 2.0 places significant focus on supply chain risk management, recognizing the vulnerabilities introduced through third-party suppliers. It calls for a robust supply chain risk management program with clear strategies, objectives, policies, and mechanisms for alignment across organizational functions. The Cybersecurity Supply Chain Risk Management (GV.SC) category under Govern encourages organizations to establish oversight and coordination mechanisms so that cybersecurity expectations hold throughout the supply chain. By addressing supply chain risk, organizations can limit the impact of breaches that originate in interconnected networks and systems.
Contributing to the evolution of CSF
To contribute to the ongoing evolution of the CSF, individuals and organizations are encouraged to provide feedback and suggestions to NIST. This input helps shape future versions of the framework and keeps it relevant and effective against emerging cybersecurity challenges. Suggestions for potential enhancements, such as proactive cyber operations and cyber intelligence, can be submitted through the NIST website, allowing the cybersecurity community to take an active part in shaping the future of the CSF.
Howdy, y’all, and welcome to The Cyber Ranch Podcast! Our guest is Geoff Hancock, Deputy CEO and CISO for Access Point Consulting and former Global Director and CISO over at World Wide Technology. He’s also a Senior Fellow and Adjunct Professor at George Washington University and has held various C-suite and executive roles at Verizon, CGI Federal Advanced Technology, Microsoft, and Advanced Cybersecurity Group. Yup! Another well-established guest. But wait! There’s more! Geoff has been involved in the creation and maintenance of the NIST CSF, the cybersecurity framework whose current version (1.1) dictates more security programs on Planet Earth than any other framework, and whose new version (2.0) will soon be ratified and finalized. The 2.0 draft and request for comments have already come out, and the comment period is now closed. I asked Geoff to join us here at the ‘Ranch to talk CSF 2.0 with us:
Tell us about your history and relationship with NIST CSF
Let’s talk briefly about the role of frameworks in cybersecurity. I’m thinking of the “compliance != security” mantra here.
2.0 vs 1.1 – what are the highlights?
GV (Govern) Function added
Implementation Examples (Long overdue IMHO!)
What else?
Changes to categories – 2 fewer overall, but other changes as well…
I was glad to see supply chain called out in specific. That was overdue. What else was overdue?
What should have been in there that is not?
Describe the process if you would for generating a CSF – we have already seen draft and call for public feedback. What’s next?
Y'all be good now!