Databite No. 77: Ari Schwartz

Risk-Based Frameworks for Cybersecurity and Privacy


April 14, 2016 - 12:00 pm

Data & Society
36 West 20th Street, 11th Floor
New York, NY, 10011

Databites are Data & Society's weekly lunch conversations focused on unresolved questions and timely topics of interest to our community.

RSVP required. To request an invitation, please email events at data society dot net.

This talk will also be streamed live.

Ari Schwartz presents Building Risk-Based Frameworks for Cybersecurity and Privacy:

News headlines are filled with examples of organizations struggling with data breaches and related hacks. Many of these incidents could be prevented were organizations to evaluate possible risks and have guidelines and best practices in place to combat those risks.

In 2013, President Obama issued Executive Order 13636 directing the National Institute of Standards and Technology (NIST) to design a voluntary Cybersecurity Framework in order to strengthen cybersecurity at organizations that manage critical national infrastructure such as banking and the energy supply. The Cybersecurity Framework, produced after a year of collaboration and meetings with industry stakeholders, has been widely praised as “the Rosetta Stone” for security and is now a tool used by public and private companies and organizations for managing and reducing cyber risks.

NIST is now tasked with working on a similar framework for privacy engineering to develop standards-based tools and practices to understand and mitigate privacy risks and integrate appropriate privacy controls into information systems.

This Databite will examine the history of security and privacy standards and the logic behind NIST’s involvement in developing these new standards. Ari will discuss the future of these efforts and contemplate the reality of what standards and frameworks can (and cannot) accomplish for security and privacy.