In a recent Risk Management Magazine article, Onspring CISO Nichole Windholz says cyber governance can’t hinge on shifting regulatory “safe harbor” protections and urges companies to formalize threat-data sharing, tighten retention and legal guardrails, and standardize governance against frameworks like NIST CSF 2.0 and ISO 27001. She also highlights consolidating security visibility and automating triage to keep decisions and disclosures defensible as rules change.
