Trellix sees opportunity for cyber framework improvements on tiers, target profiles

NIST’s effort to update the cybersecurity framework must strike a delicate balance to make improvements while keeping it “widely applicable and as flexible to use as possible,” according to national security company Trellix, which offers suggestions on how to make the tiers and profile aspects of the framework more useful to stakeholders.

The National Institute of Standards and Technology has published several pieces of guidance building on top of the framework over the past five years including profiles for ransomware...