Implementing an IT Risk Program using the NIST Cyber Security Framework

The NIST Cyber Security Framework (CSF) from 2013, based on existing standards, was created to reduce cyber risks to critical infrastructure. In this session, Bobby Dominguez will describe the key elements of the NIST CSF and focus on best practices for leveraging the CSF to implement an IT Risk Program. Specific examples and tools for operationalizing the framework will be reviewed.

The discussion will be of value to those who have already deployed the CSF and those who are new to the framework and its benefits.  Interaction with those who have not deployed the CSF will be encouraged as they will be asked to share their intentions and expectations for deploying the CSF.