Showing results for tags 'workshop'.



Found 6 results

  1. Tom.Conkle

    Cybersecurity Framework Workshop 2016

    NIST is hosting the next Cybersecurity Framework at their main campus in Gaithersburg, MD. The conference is scheduled for April 6 - 7, 2016. The registration page is open. The workshop draft agenda includes a readout on the responses to the December 2015 RFI and working sessions on Roadmap items, Governance of the Framework, Framework Update, and several special topics. Topics are expected to include: ways in which the Framework is being used to improve cybersecurity risk management, how best practices for using the Framework are being shared, the relative value of different parts of the Framework, the possible need for an update of the Framework, and options for long-term governance of the Framework. There is an optional seminar on April 5 that will provide an overview of the Framework's development, basic components, use cases, and resources. The optional seminar will provide a 101-type session to help attendees understand how the Framework was developed and is being used today. I hope to see you there.
  2. Tom.Conkle

    Cybersecurity Framework Workshop 2016

    NIST is hosting the next Cybersecurity Framework at their main campus in Gaithersburg, MD. The conference is scheduled for April 6 - 7, 2016. The registration page is open. The workshop draft agenda includes a readout on the responses to the December 2015 RFI and working sessions on Roadmap items, Governance of the Framework, Framework Update, and several special topics. Topics are expected to include: ways in which the Framework is being used to improve cybersecurity risk management, how best practices for using the Framework are being shared, the relative value of different parts of the Framework, the possible need for an update of the Framework, and options for long-term governance of the Framework. There is an optional seminar on April 5 that will provide an overview of the Framework's development, basic components, use cases, and resources. The optional seminar will provide a 101-type session to help attendees understand how the Framework was developed and is being used today. I hope to see you there.
  3. On October 1, 2015, NIST initiated a two-day workshop on Cyber Supply Chain Risk Management. The workshop provided an opportunity for industry, academia, and government to discuss challenges and best practices in cyber SCRM. The first day featured two panels that initiated the discussion on cyber SCRM that led to breakout sessions that allowed participants to collaborate on the topics. The first panel provided an overview on how cyber supply chain risks are managed within the panelists' organizations: Johnson & Johnson, Northrop Grumman, Verizon, and Intel Corp. Each panelist provided an overview of how cyber SCRM is addressed in their organization and techniques they have implemented to inform executives of cyber supply chain risks. The second panel discussed Organizational Strategies to SCRM. This panel featured panelists from organizations that have robust, but different approaches for addressing Cyber SCRM within their organizations. The panelists from Cisco Systems, John Deere, Johnson & Johnson, and Schweitzer Engineering Laboratories (SEL) described their approaches for communicating cybersecurity concerns within the supply chain to their executives as well as their approach for monitoring their suppliers. Many panelists expressed the requirement to audit suppliers to ensure they are operating with similar cybersecurity protections as they expect for their own organization. Deere specifically addressed a need to protect their brand name by ensuring they understand the value chain of their suppliers. This understanding is developed through continuous auditing for suppliers' production, quality, and cybersecurity capabilities. After the two panels, workshop attendees were provided an opportunity to discuss these topics in breakout sessions. The breakout sessions provided attendees an opportunity to comment on their organizations' approach to SCRM, identify additional best practices, and confirm current gaps in SCRM.

    The breakout sessions identified several gaps within SCRM. The gaps included a general lack of education and awareness of SCRM risks within their organization, the perception that cyber is an IT risk and not a supply chain risk, and a general lack of participation at the executive and board level of organizations. NIST also identified several SCRM case studies that they completed. The case studies are available at the NIST SCRM site at: http://www.nist.gov/itl/csd/best-practices-in-cyber-supply-chain-risk-management-october-1-2-2015.cfm. The case studies identify the current SCRM practices within ~20 leading companies. They provide organizations an understanding of what others are doing and provide a sample for how SCRM can be implemented within their organization. NIST will also provide a summary of the workshop and additional guidance to industry based on the information obtained during the workshop to further help organizations get started or improve their SCRM processes. What are your thoughts from the workshop?
  4. As a follow-up to my blog post here in December, I wanted to mention a class I'll be offering in different U.S. throughout this year that helps define cybersecurity as a problem space, as a discipline, and which attempts to fill in some of the larger gaps in the framework: Risk Management, Metrics, Communicating about Cybersecurity, etc. Hopefully some of you will see value in attending; I think it is relatively unique content with an unusual perspective.

    Overview: This 2-day class – one of several throughout the U.S. in 2015 – is intended for those leaders, decision makers, and technologists who feel that they are lacking a usable bridge between the technology and business aspects of cybersecurity and wish to do more than simply build a standard security program and hope for the best.

    Value: The instructor will use two common security frameworks (NIST and C2M2) alongside custom material (developed over 9 years and unavailable elsewhere) to provide students with the necessary cybersecurity, framework, and communication theory required to make practical improvements to their cybersecurity environments, including, potentially:

      • More effective management of the organizational behaviors outside of the CISO shop that lead to increased cybersecurity risk
      • Enhancement of the functioning and efficacy of security-specific programs and organizations
      • Development of appropriate, actionable metrics for all organizational levels, including the executive
      • Increased assurance that critical business success criteria are met despite ongoing cyber risk
      • More comprehensive plans to defend against specific external threats
      • Improved management of Perception, Communication, Scale, and Uncertainty risks associated with cybersecurity
      • Improved partnership and collaboration within and across organizations, public and private
      • Reduced gap between “Compliance” and “Security”
      • Easier, more effective development of custom formal and informal frameworks to bridge gaps between disciplines

    Audience: The target audience for this class includes executives, security leaders, technology practitioners, architects, policymakers, lawyers, and other individuals interested in moving beyond industry and media hype to develop a broader understanding of both the problem space and discipline of “Cybersecurity” as it applies to their specific roles. Class will be tailored, within the constraints of the topic areas, to the backgrounds and needs of attendees. The first day will focus on theory presentation and the second day will apply that theory to practical problems – some as requested by students – in a workshop environment. Students should also be aware that, despite some use of jargon, no technical experience or security expertise is assumed and each class will be tailored to the experience levels of those in attendance wherever possible.

    Dates:

      • Phoenix, April 14-15
      • Minneapolis, June 16-17
      • Portland, August 11-12
      • Dallas, October 13-14
      • Nashville, November 10-11
      • Custom Dates and Locations Available

    http://www.energysec.org/upcoming-live-events/
  5. NIST announced the 6th cybersecurity Framework Workshop. The official announcement is located here. It is scheduled for Oct 29 - 30 in Tampa, FL. This workshop will "gather input to help NIST understand stakeholder awareness of, and initial experiences with, the framework and related activities to support its use." NIST is also preparing to issue an RFI soliciting feedback in these areas. The RFI responses will inform the workshop. What information do you hope to hear about at the workshop? Are there any specific tracks you would like to see hosted at the workshop?
  6. On Dec 5, 2014, NIST released an "Update on the Cybersecurity Framework". The full update is available at http://www.nist.gov/cyberframework/upload/nist-cybersecurity-framework-update-120514.pdf. The update provides a high-level summary of comments received through the Request For Information (RFI) released on Aug 26, 2014 and during the Tampa, FL workshop held Oct 29 & 30, 2014. The update in eight pages summarizes responses received on topics such as: How General Awareness of the Framework is being shared and received, Initial Experiences organizations have in using the Framework, Current thoughts on Framework Updates, The use of the Framework in Small/Medium-Sized Businesses, Regulation and Regulatory Concerns, Guidance for using the Framework, and International Aspects, Impacts, and Alignment of the Framework.

    The update also provided a summary on activities identified in the Framework Roadmap that NIST released in conjunction with the Framework. The update provides status updates on specific Roadmap areas including:

      • Authentication
      • Automated Indicator Sharing
      • Supply Chain and Conformity Assessment
      • Cybersecurity Workforce
      • Standards Supporting the Framework
      • Privacy Methodologies

    Finally, the update provides an overview of Next Steps NIST is considering to help address comments received during the workshop and RFI process. The first key next step is for NIST to continue increasing efforts to raise awareness of the Framework. Another NIST priority identified in the update was to develop and disseminate information and training materials to help organizations advance the use of the Framework. In addition to the training material NIST will explore options for providing publicly available Framework reference material. NIST also identified a goal for developing material on aligning the Framework to business processes.