While researching the trends in adoption of the NIST cybersecurity framework, I found this article that strongly supports the adoption of the NIST Framework. As a board member, I agree because the framework bridges the gap between security experts and corporate directors. It is simple, Identify, Protect, Detect, Respond and Recover—five elements only. It allows for people who are not cybersecurity specialists to participate in cybersecurity decisions, which is expected from directors to meet oversight duties. Interesting to note is the fact that the average amount of time it takes an organization to find malware on its system, for a non-bank, is about five months, a wake-up call for corporate directors. Have you discussed adopting a cybersecurity framework at the board level, do you know if your company has one? If you want to learn more about the NIST framework, read my article  http://www.joseemorin.ca/en-articles/2017/7/3/cyber-risk-oversight-tips-for-corporate-directors-to-improve-understanding-and-involvement

https://www.bna.com/2017-cybersecurity-prediction-n73014450091/