videoApril 14 2016

Risk-Based Frameworks for Cybersecurity and Privacy

Ari Schwartz

Databite No. 77

News headlines are filled with examples of organizations struggling with data breaches and related hacks. Many of these incidents could be prevented were organizations to evaluate possible risks and have guidelines and best practices in place to combat those risks.

In 2013, President Obama issued Executive Order 13636 directing the National Institute of Standards and Technology (NIST) to design a voluntary Cybersecurity Framework in order to strengthen cybersecurity at organizations that manage critical national infrastructure such as banking and the energy supply. The Cybersecurity Framework, produced after a year of collaboration and meetings with industry stakeholders, has been widely praised as “the Rosetta Stone” for security and is now a tool used by public and private companies and organizations for managing and reducing cyber risks.

This Databite examines the history of security and privacy standards and the logic behind the NIST’s involvement in developing these new standards. Ari discusses the future of these efforts and contemplate the reality of what standards and frameworks can (and cannot) accomplish for security and privacy.

A leading voice in national cybersecurity policy with extensive government and nonprofit sector experience, Ari Schwartz directs Cybersecurity Services for Venable’s Cybersecurity Risk Management Group. In this role, Ari guides the establishment of cybersecurity consulting services for Venable, assisting organizations with understanding and the development of risk management strategies, including implementation of the Cybersecurity Framework and other planning tools to help minimize risk. Ari also coordinates the Coalition for Cybersecurity Policy and Law, a group of leading cybersecurity companies dedicated to educating policymakers on cybersecurity issues and promoting a vibrant marketplace for cybersecurity technology solutions.

About Databites
Data & Society’s “Databites” speaker series presents timely conversations about the purpose and power of technology, bridging our interdisciplinary research with broader public conversations about the societal implications of data and automation.