© 2012 Liberty Group Ventures. All rights reserved
NIST FRAMEWORK OVERVIEW
Presented by
Kiersten Todt
Roger Cressey
Liberty Group Ventures, LLC
Liberty Group Ventures, LLC Proprietary and Business Confidential

Framework Background
• Executive Order 13636
• Failure by Congress to pass cyber legislation
• Unprecedented cyber threat environment
• Role of NIST
• Develop voluntary framework
• Industry-led
• Process
• Ten months, five workshops, transparent process
• 12,000 public comments adjudicated
• Collaboration between NIST, White House (NSC), DHS, and private sector

Framework Basics
• Core: Set of cybersecurity activities and informative references common across CI
• Functions: Overview of organization’s management of cyber risks
• Identify, Protect, Detect, Respond, Recover (IPDRR)
• Tiers: Mechanism to view approach and processes for managing cyber risk
1. Partial
2. Risk Informed
3. Repeatable
4. Adaptive
• Tier 4 is not the goal for every organization

Framework Basics (continued)
• Profiles
• Alignment of IPDRR with business requirements, risk tolerance, and resources of organization
• Current Profile
• Target Profile
• Profiles create gap analysis
Creating a profile helps a company understand its dependencies with business partners, vendors, and suppliers.

What the Framework is Really About
• Creating a common language for cyber risk management
• Objective: Facilitate behavioral change in organizations
• Treat cyber risk as a mission equal in priority to other corporate risk
• Intended for critical infrastructure owners and operators… but can be used by many others
• Applies market-driven approach to cyber risk management
• Product of industry, not government
• Not one size fits all… user experience will vary

Implications of Framework
• Industry: Each Sector Will Define Adoption
• Identify metrics for success
• Facilitate information sharing within industry
• Defining cost-effectiveness
• Role for insurance… finally?
• Business
• Small (prioritize, develop risk management process)
• Medium (grow risk management process)
• Large (share best practices and lessons learned)

Framework: The Way Ahead
• NIST’s Initial Areas for Further Work
• Authentication
• Automated Indicator Sharing
• Conformity Assessment
• Cybersecurity Workforce
• Data Analytics
• Federal Agency Cybersecurity Alignment
• Supply Chain Risk Management
• International Aspects, Impacts, and Alignment
• Technical Privacy Standards

Framework: The Way Ahead (continued)
• Government
• DHS role evolving
• Launch of Critical Infrastructure Cyber Community Voluntary Program
• Providing managed security services to states, localities who adopt framework - a good first step
• Work with Sector Specific Agencies in first year, expand to all CI business in future
• Seeking input from small business on framework adoption
• More work on incentives is required
• International adoption… and overcoming Snowden challenge
• Need for role of US business with global presence to engage and facilitate

Framework: The Way Ahead (continued)
• Industry
• Participate in additional workshops on implementation and areas for improvement
• Adopt Framework by mapping it to existing risk management process and addressing gaps that are identified through profile development
• Conduct training to “normalize” cyber risk behavior, including simulations and exercises with corporate leadership
• Feedback to government: Lessons learned/what works/what doesn’t/what’s missing
• Industry input will shape development of Framework 2.0
• Non-lifeline sector adoption
• Retail, Manufacturing, etc.

Speaker Kiersten E. Todt, President and Managing Partner, Liberty Group Ventures, LLC (LGV)
