NIST’s latest guidance on security controls adds new areas that reflect the rapidly changing computing environment. NIST Senior Fellow Ron Ross: “The fundamentals of cybersecurity don’t change over time” Ross: Organizations that get their information risk management infrastructure in place find it easier over time to identify and decide which security controls to implement. Ross: Getting buy-in from non-technology agency and business leaders presents a challenge to IT security managers. “Laying the concrete is the toughest part. Once you got the foundation, the house goes up””]
Source: https://www.cuinfosecurity.com/ron-ross-on-revised-security-controls-a-4572