6-11-2016 NIST Cybersecurity framework

This is a past event

19 people went

Location image of event venue


NIST Cybersecurity Framework Description: In February of 2013, President Obama signed Executive Order #13636, directing NIST (National Institute of Standards and Technology) to develop a voluntary framework for cybersecurity. After a year of meetings and work, NIST rolled out version 1.0 of the Cybersecurity Framework (CSF) in February of 2014. The Framework sets down a group of standards to assess and improve the security posture of organizations. And it cross matches its controls with the controls of several other frameworks, such as COBIT 5, the Critical Security Controls, ISO 27001, and FISMA. The Framework is now 2 years old and in the time it’s come out, we have seen an ever increasing use of it in many sectors. For instance, the SEC is expecting various financial institutions to be assessed against it, most federal agencies are using it, and the legal and insurance are looking at it as a measure of due care. Recently NIST issued a Call for Information (December to February) to obtain information on how it’s being used and possible updates for it, and this was followed by a 2 day workshop in April. As security professionals, we need to understand what the Framework is all about, as we may soon (if not already) be expected to ensure our systems are in-line with it. This presentation will give an overview of the three elements of the CSF: the Core, the Profiles, and the Tiers. As the CSF controls are cross matched with other widely used Frameworks, how do these Frameworks compare? And how do the Tiers align with other maturity models? These will be looked into. We will look at one of the more recent “additions” to the Framework: the FFIEC’s CAT (Cybersecurity Assessment Tool), which is aimed at making it easier to assess an organization against the CSF and determine how well they are doing at the Core elements as well as what Tier they are in. And we will also touch on what the future may bring to the CSF as more companies and organizations put it to use. Some of this which came from the recent workshop NIST held. You should have a better understanding of the Framework and better be able to deal with it. Presenter: Michael Brown Broward Main Library - 2PM
6 Floor
100 S Andrews Ave
Fort Lauderdale, FL 33301