CISO Corner: Navigating NIST CSF 2.0 with AI Chaos

March 2, 2024

TLDR:

  • Operationalizing NIST CSF 2.0, with emphasis on its new focus on executive and board oversight of cybersecurity.
  • Apple and Signal introduce quantum-resistant encryption to protect communications and data from future quantum computer attacks.

Full Article:

Welcome to CISO Corner, Dark Reading’s weekly digest of articles tailored specifically to security operations readers and security leaders. The latest issue covers various cybersecurity topics:

NIST Cybersecurity Framework 2.0: 4 Steps to Get Started

The updated version of NIST’s Cybersecurity Framework introduces a new “Govern” function to enhance executive and board oversight of cybersecurity. Cybersecurity teams are advised to evaluate existing assessments, identified gaps, and remediation activities to implement the changes effectively.

Apple, Signal Debut Quantum-Resistant Encryption

Apple and Signal have introduced post-quantum cryptographic (PQC) protocols to secure communications and data against future quantum computer threats. These encryption protocols are designed to withstand attacks from quantum computers, but organizations will face challenges in transitioning to quantum-resistant algorithms.

It’s 10 p.m. Do You Know Where Your AI Models Are Tonight?

The growth of AI models poses challenges for software supply chain security, as many organizations lack visibility into embedded AI models. Traditional security tools are not equipped to scan or understand AI models, leading to potential security risks. Organizations need to address AI model visibility and security to mitigate software supply chain risks.

Orgs Face Major SEC Penalties for Failing to Disclose Breaches

The SEC’s new data-breach disclosure rules impose significant fines and penalties on companies that fail to comply. CISOs are now personally liable for cybersecurity and data-breach disclosure processes, leading to increased costs and reevaluation of cybersecurity strategies.

Biometrics Regulation Heats Up, Portending Compliance Headaches

Increasing biometric privacy laws aim to protect consumers amid rising cloud breaches and AI-generated deepfakes. Businesses handling biometric data must navigate complex regulations to ensure compliance, requiring proactive risk management and infrastructure development.

DR Global: ‘Illusive’ Iranian Hacking Group Ensnares Israeli, UAE Aerospace and Defense Firms

The Iranian threat group UNC1549 targets aerospace and defense companies in the Middle East, using tailored spear-phishing attacks and cloud infrastructure for command-and-control. This sophisticated attack presents challenges in detection and tracking for targeted organizations.

MITRE Rolls Out 4 Brand-New CWEs for Microprocessor Security Bugs

MITRE, in collaboration with industry leaders, introduces new Common Weakness Enumeration (CWE) categories to address microprocessor vulnerabilities. These CWEs provide a common language for discussing weaknesses in modern microprocessor architectures, improving chip designers’ and security practitioners’ understanding of critical flaws.

Converging State Privacy Laws & the Emerging AI Challenge

As US states pass data privacy legislation, businesses must evaluate the data they process, manage risks, and plan mitigation strategies. The adoption of AI introduces complexities, necessitating a comprehensive approach to comply with evolving privacy laws and address emerging data privacy trends.

Read more from Tara Seals, Managing Editor, News, Dark Reading
