Date/time: Tuesday 26 November 2019 – 11:00 EST / 16:00 GMT / 17:00 CET
The NIST Cybersecurity Framework (CSF) has proven to be de-facto global standard for representing an organized collection of policies, processes and controls that an organization should have to reduce and manage the risk of cybersecurity threats. The NIST CSF however, lacks direction and support for identifying and managing real business drivers and demonstrating business value enhancement.
The SABSA Institute recognized the limitations of the NIST CSF and established the SABSA Enhanced NIST Cybersecurity Framework (SENC) project to develop and propose a SABSA business-risk driven front-end to the NIST CSF. The objective of the SENC project is to use the SABSA Business Attribute Profiling method to specify the business risks for an organization in the form of a Business Attribute Profile and define a method, specific measurements and performance targets that reflect the views and concerns of the organization.
In this session he will review the structure and content of the current version of the NIST CSF and identify areas where enhancements to the framework and supporting reference material are needed and where SABSA can contribute to improving the framework and how it is used. He will also provide a current update on the activities of the SENC project to enhance the framework and answer any questions on the NIST CSF or the efforts of the SENC project.
Speaker: Glen Bruce
Glen Bruce is focused on Security Strategies, Architectures, PKI and Governance supporting business and governments in their approach to managing information and cyber security risk. He has over 45 years of in-depth experience in IT consulting, systems management and technical positions. He has led many information security engagements, where he has helped clients establish effective strategies, governance, architectures, policies and infrastructure implementations in support of both business and technical requirements. He is also the co-author of the book, “Security in Distributed Computing: Did You Lock the Door” published by Prentice-Hall. His experience and knowledge has taken him around the world to assist organizations with information security issues.