Govern The Ungovernable - NIST CSF Govern Function
Alan Raveling
S4x24 - ICS Security Conference · Day 3 · Stage 3
Alan Raveling's S4 conference talk, "Govern The Ungovernable - NIST CSF Govern Function," delivers a pragmatic and timely exploration of the newly introduced Govern function within the **NIST Cybersecurity Framework (CSF) 2.0**. Released as a final version on February 26th, NIST CSF 2.0 significantly expands its scope by embedding governance as a foundational element that underpins and integrates all other cybersecurity functions. Raveling’s presentation specifically targets smaller organizations, offering actionable strategies for establishing sustainable cybersecurity governance programs from the ground up, a concept he describes as "grassroots governance."
AI review
Alan Raveling's talk on the NIST CSF 2.0 Govern function provides a brutally honest and highly pragmatic roadmap for smaller organizations struggling with cybersecurity governance, especially in OT environments. He meticulously breaks down the challenges of undefined risk appetite, fluctuating strategies, and the critical IT/OT disconnect, offering actionable, 'grassroots' solutions. This isn't theoretical fluff; it's a direct, experience-driven guide to establishing sustainable governance where it's most needed but often overlooked.