Overview and Analysis of NIST Cybersecurity Framework - Sarah Ackerman (Central Ohio Infosec Summit 2015) (Hacking Illustrated Series InfoSec Tutorial Videos)

Overview and Analysis of NIST Cybersecurity Framework
Sarah Ackerman

GRC - Session #6 - Sarah Ackerman

The National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity was issued in February 2014 to provide a prioritized, risk-based approach to assessing cybersecurity controls and practices. The framework addresses the critical functions needed to drive a comprehensive cybersecurity program:

- Identifying risks to resources supporting critical functions;
- Protecting these resources and limiting the impact of cybersecurity events;
- Detecting incidents that have occurred;
- Responding to the detection of events; and
- Recovering following response procedures.

With the overall increased awareness of cybersecurity, management can use this framework as a supplement to an organization's risk management process in order to assess cybersecurity risk and align with best practices. We will cover the history of the cybersecurity framework and provide an overview as well as detailed study of the components, including the framework core, functional categories, critical functions, tiers, and profiles. In addition, we'll discuss how it can be utilized as well as how it aligns with other frameworks (e.g., NIST 800-53) and provide feedback based on our experience with implementing the framework including the benefits, challenges, and available tools to assist in employing the framework to the systems environment.

Bio: As the Technology service line Director at Clark Schaefer Consulting, Sarah Ackerman provides the firm with extensive experience and knowledge regarding information security, IT audit, and other technology and control related services. Sarah oversees all IT and Security related projects, responsible for the overall engagement quality and performance of the services provided to individual clients. As a CISSP and CISA, Sarah has extensive experience in delivering security services such as vulnerability assessments, penetration testing, and web application security reviews. She has consulted with numerous organizations to enhance their information systems security and privacy controls within a wide variety of industries, applying a disciplined approach in accordance with "best practice" standards. Providing technical expertise balanced with a risk-based approach, Sarah seeks to align business goals of clients with their technical strategic initiatives; her work in security operations has resulted in a proven track record of success in identifying system control weaknesses, protecting information assets, and leading clients to successful organizational changes. She has successfully served in a variety of roles including consulting, risk management, and internal audit, and is an active member of ISACA, ISSA, (ISC)2, and IIA.

    Copyright 2019, IronGeek
    Louisville / Kentuckiana Information Security Enthusiast