Attacks Cloud Data Executive Decisions IoT Malware Mobile Network Security Strategy Threat Defense
Attacks Cloud Data Executive Decisions IoT Malware Mobile Network Security Strategy Threat Defense

NIST Privacy Framework Announced At RSAC

As the enterprise risk management tool is under development, here’s what to expect

Add bookmark
Alarice Rajagopal
Alarice Rajagopal
03/11/2019

The National Institute of Standards and Technology (NIST) is developing an enterprise risk management tool to protect consumer privacy while advancing prosperity and innovation. During RSA Conference 2019, Kevin Stine, Chief, Applied Cybersecurity Division for NIST, and Naomi Lefkovitz, Senior Privacy Policy Advisor NIST, talked about what to expect from the voluntary Privacy Framework (targeted for release later in 2019).

According to Stine, fundamentally at NIST, “We seek to cultivate trust and information, and in technology” … through advances in standards, technology and measurement science — from a cyber security and privacy perspective, in open, transparent, inclusive way. He also explained that they look to tap into the diversity of its stakeholders in order to work collaboratively with the public and private sectors.

While the NIST Privacy Framework is a few months into the process, NIST has an extensive track record of privacy expertise, which is close to 50 years now Stine said. Modeled after its NIST Cyber Security Framework, the Privacy Framework is also meant to be risk-based/outcome-based and non-prescriptive, in order to increase adoption.

See Related: “Implementing A Risk-Base Cyber Security Framework

Call To Action

Through a series of formal as well as informal events, NIST collaborates with the public for feedback as it works on development. This also includes working with Academia and all layers of Government — in order to have a comprehensive approach to the Framework.

Similarly, NIST took to the stage at RSAC to show attendees what to expect from the Privacy Framework, how it can benefit the enterprise, and understand the process for developing a Privacy Framework so that cyber security professionals can learn how to contribute.

To help in the risk-management endeavor, NIST has so far proposed five functions of the framework: Identify, protect, control, inform and respond. Each of these headings will contain a set of best practices and approaches for achieving desired outcomes.

“Privacy is just another dimension of risk, and should be a part of that broader enterprise risk management activity in an organization,” said Lefkovitz.

See Related: “RSAC Day 1 Theme: People And Tech Are ‘Better Together’

More NIST Session Highlights from RSAC

Your Data’s Integrity: Protect and Respond to Ransomware and Critical Events  
At the RSA Conference last year, NIST’s National Cybersecurity Center of Excellence (NCCoE) — MITRE, took to the stage to share ways to quickly recover from an event that alters or destroys data. This year, Anne Townsend, Lead Cyber Security Engineer was back with an entire suite that organizations can deploy to effectively identify, protect, detect and respond to data integrity events.

These solutions are follow-on projects to the highly publicized NIST Special Publication (SP) 1800-11, Recovering from Ransomware and Other Destructive Events.

Townsend went over:
1: How to understand easy-to-implement data security methods.
2: How to build a data security architecture with commercially available technologies.
3: Line-by-line guidance and how-to directions to build this solution in your own organization.

In accordance to this methodology, the NCCoE has developed three data integrity projects that are dedicated to solving businesses most pressing cyber security challenges, here.

See Related: “Recapping 2018 in Data Security and Privacy

Hot Topics in Cyber-Law 2019    
ABA attorney-SMEs kicked off the Law Track with an annual theme-setting panel on critical emerging legal issues. The aim was a practical, useable snapshot of recent developments in cyber-policy, -law and -litigation. For 2019, topics included elections as critical infrastructure, GDPR compliance and privacy shield, new foreign tech investment rules / CFIUS, and new NIST guidance on security and privacy and SCRM.

Blockchainification of Cyber-Supply Chain Risk: Hype vs. Hope   
Protecting Data & Applied Crypto 
The buzz around blockchains can be exciting, bewildering and, at times, troubling. This session got to the bottom of fact and fiction as a NIST researcher discussed how various blockchain technologies are or could be used, focusing on cyber-supply chain risk management.

Grappling with Zero-Trust Networking: How Are You Doing It?    
The concept of zero-trust networking is gaining more momentum. Vendors are coming out with new technologies or re-positioning current products to align with zero-trust initiatives. But is your organization actually implementing zero trust? This session asked, "How are you doing it? What have you learned?"

How to Eliminate a Major Vulnerability in the Cyber Security Workforce    
There’s a major vulnerability in most cyber security firms and workforces that has yet to be addressed: the industry’s gender gap. At a gathering of cyber-practitioners, behavioral scientists, and industry and government leaders in fall 2018, NIST developed strategies to solve the problem and then road tested them with participants at this year's session.

The NIST Cyber Security Framework: Building on Success    
This panel discussed the adoption of the Cyber Security Framework around the world and shared experiences and lessons learned from implementing the Framework. Panel members included the NIST program manager for the Cyber Security Framework as well as Cyber Security Framework practitioners. Attendees learned how the Framework is being used today and where NIST sees it going tomorrow.

Healthcare Cyber Security: Helping Secure Emerging Health Technologies    
Healthcare innovation is advancing at a rapid pace with the proliferation of network-connected medical devices, remote patient monitoring and telehealth opportunities. But is security keeping up with the innovation? This session assessed current medical device security and discussed how health delivery organizations and care providers can help mitigate these risks as new technologies emerge.

Measuring Cyber Security Effectiveness in a Threat-Based World    
The panel helped to increase understanding of how DHS, NSA and NIST are using threat data to help agencies protect information and detect and respond quickly to adversarial actions. They examined how DHS CISA fuses threat intelligence with agency vulnerability data to improve info sharing and how efforts such as the .gov CAR initiative are helping create better threat models and solutions.

See Related: “RSAC Opening Day Focuses On Cyber Security Talent

Tags: Cyber Security NIST Framework RSA Conference RSAC enterprise risk Data Privacy Government Webinar MITRE Corporation Blockchain Supply Chain supply chain risks Zero Trust Model crypto Healthcare

Upcoming Events

Building cyber resilience

24 April, 2024
Online

Register Now | View Event
Building cyber resilience

Building high-performing development teams: Harnessing tools, processes & AI

02 May, 2024
Online

Register Now | View Event
Building high-performing development teams: Harnessing tools, processes & AI

Digital Identity Week

June 11 - 13, 2024
Melbourne, Victoria

Register Now | View Agenda | View Event
Digital Identity Week

Anti-Financial Crime Exchange Europe 2024

September 19-20
Frankfurt, Germany

Register Now | View Agenda | View Event
Anti-Financial Crime Exchange Europe 2024
MORE EVENTS

Follow Us

         

Latest Webinars

Building high-performing development teams: Harnessing tools, processes & AI

2024-05-02
11:00 AM - 12:00 PM EDT

Discover how to enhance your development team’s efficiency through advanced tools, Agile methodologi...
Building high-performing development teams: Harnessing tools, processes & AI

Building cyber resilience

2024-04-24
11:30 AM - 12:30 PM SGT

Why it’s essential that technology seamlessly connects IT, security, risk and the business
Building cyber resilience

Strategies to enhance secure customer onboarding

2024-03-27
11:30 AM - 12:30 PM SGT

Focus on achieving speedy and secure customer onboarding and combat user lifecycle fraud with phone...
Strategies to enhance secure customer onboarding
MORE WEBINARS

RECOMMENDED

FIND CONTENT BY TYPE

Cyber Security Hub COMMUNITY

ADVERTISE WITH US

Advertise Now

JOIN THE Cyber Security Hub COMMUNITY

Join CSHUB today and interact with a vibrant network of professionals, keeping up to date with the industry by accessing our wealth of articles, videos, live conferences and more.

Learn more
iqpc logo

Cyber Security Hub, a division of IQPC

© 2024 All rights reserved. Use of this site constitutes acceptance of our User Agreement, Privacy Policy and Cookies Settings.

Careers With IQPC| Contact Us | About Us | Cookie Policy