Ari Schwartz presents Building Risk-Based Frameworks for Cybersecurity and Privacy:
News headlines are filled with examples of organizations struggling with data breaches and related hacks. Many of these incidents could be prevented if organizations evaluated the risks they face and had guidelines and best practices in place to address them.
In 2013, President Obama issued Executive Order 13636 directing the National Institute of Standards and Technology (NIST) to design a voluntary Cybersecurity Framework in order to strengthen cybersecurity at organizations that manage critical national infrastructure such as banking and the energy supply. The Cybersecurity Framework, produced after a year of collaboration and meetings with industry stakeholders, has been widely praised as “the Rosetta Stone” for security and is now a tool used by public and private companies and organizations for managing and reducing cyber risks.
NIST is now tasked with working on a similar framework for privacy engineering to develop standards-based tools and practices to understand and mitigate privacy risks and integrate appropriate privacy controls into information systems.
This Databite will examine the history of security and privacy standards and the logic behind NIST’s involvement in developing these new standards. Ari will discuss the future of these efforts and consider what standards and frameworks can (and cannot) realistically accomplish for security and privacy.