This is the fifth blog in a five-part series on utilizing a cybersecurity framework (NIST CSF 2.0) to establish a comprehensive cybersecurity program. If you missed the previous parts, you can find them here: 

Welcome back to this five-part series on using a cybersecurity framework (NIST CSF 2.0) to build a proper cybersecurity program. If you missed the previous parts, you can find them here: 

Cybersecurity has traditionally been reactive. Detect a threat inside the network? Deploy an effective countermeasure. Get locked out of an application and receive a ransomware demand? Work to regain control over your systems. This never ending back and forth has put security teams on the defensive, always reacting to incidents, events and security risks as they present themselves.

For those just tuning in, this five-part series is all about how to use a cybersecurity framework - utilizing the updated NIST CSF 2.0 as our foundation - to help organizations identify their strengths, weaknesses and security gaps and provide guidance for how to address those needs. Be sure to read the previous two articles in this series where we introduce NIST Cybersecurity Framework 2.0, as well as how security teams can use a cyber defense matrix to conduct a security assessment.