Speaking in the keynote theatre at Infosecurity North America, Jim Routh, CSO at insurance behemoth Aetna, told audiences that cybersecurity control frameworks, while useful, are not sufficient in today’s threat environment to cultivate effective risk management. In his “Managing & Mitigating Risks & Threats in the Digital Enterprise” presentation, Routh noted that while frameworks like the ISO 27001 and NIST’s Cybersecurity Framework (CSF) specify useful control methods, standards and procedures, all too often threat actors study them to uncover where the controls are in order to bypass them.

Read full news article on Infosecurity