Abstract
NIST (National Institute of Standards and Technology) recently rolled out the Cybersecurity Framework (CSF) for use by organizations. The Framework sets down a group of standards to assess the security posture of organizations. While use of the Framework is not mandatory, in some areas we are seeing its use being pushed. For instance, the SEC is expecting various financial institutions to be assessed against it. As security professionals, we need to understand what the Framework is all about, as we may soon (if not already) be expected to ensure our systems are in line with it.
This presentation will give an overview of the elements of the CSF, with a comparison to other widely used frameworks, such as ISO 27001/2. At the end, you should have a better understanding of the Framework and be better able to deal with it.
Bio
Involved in IT for 20 years, last 10 in Security. Worked up from a security admin to a global security architect for a large corporation, managing several of their security systems. Last couple of years working as a security consultant conducting security risk assessments for a variety of clients small and large in the healthcare and financial areas.