What is the "golden triangle" (Goldenes Dreieck) of holistic cyber security, and how does it map to the NIST Cybersecurity Framework?
Security must balance three dimensions — Technology, Processes and People — sitting around the NIST CSF core functions.
* The golden triangle — People, Process and Technology balanced around the NIST CSF core functions. *
The golden triangle says you cannot buy your way to security with tools alone. Technik (Technology): buy and configure the right tools. Prozesse (Processes): define and control how work is done. Mitarbeiter (People): sensitise and train staff. The NIST Cybersecurity Framework (CSF) 2.0 organises security into core functions — Govern, Identify, Protect, Detect, Respond, Recover — that wrap around these dimensions. Govern is the central function added in CSF 2.0 that ties the rest together.
Go deeper:
NIST Cybersecurity Framework (Wikipedia) — CSF 2.0 und die sechs Kernfunktionen inkl. der neuen zentralen Funktion Govern.