SFISSA’s February meeting will be on Thursday, February 16th, 2017 at Florida Atlantic University, Boca Raton. The meeting will take place in the Engineering East Building room 106 from 6PM to 9:30PM, followed by their usual networking hour.
NIST Cybersecurity Framework v1.1 is coming!
Presentation Speaker & Bio
Michael Brown, CISSP, HCISPP, CISA, CISM, CGEIT, CRISC, ISSA Fellow, has been involved with IT for over 20 years, more than half in information security. Moving from a security admin to a global security architect, he has been working for the last few of years as an IT security consultant working with clients to implement information security management systems as well as performing security risk assessments, gap analysis, and developing policies and procedures. His research interests include IT/Security frameworks and compliance, the Internet of Things, and mobile device security.
In February of 2013, President Obama signed Executive Order #13636, directing NIST (National Institute of Standards and Technology) to develop a voluntary framework for cybersecurity. After a year of meetings and work, NIST rolled out version 1.0 of the Cybersecurity Framework (CSF) in February of 2014. The Framework sets down a group of standards to assess and improve the security posture of organizations.
Since then, we have seen an ever increasing use of it in many sectors. For instance, the SEC is expecting various financial institutions to be assessed against it, most federal agencies are using it.
About two years later, NIST has issued a Call for Information (December to February) to obtain information on how it’s being used and possible updates for it. This was followed by a Workshop at NIST HQ to go over those findings and gathering information for a potential update.
Now NIST has released a Draft of version 1.1 for public comment, with plans to release this later this year.
This presentation will look at the proposed changes to the CSF. We will give an overview of the three elements of the CSF: the Core, the Profiles, and the Tiers. And then go into the changes.
We will also touch on matters brought up that may also be included.
As the popularity of this framework increases, we will also look at the many new resources that have come about in the last year or so.
Whether you are new to the NIST CSF or experienced with it, this will be a presentation to attend.