In today’s tech environment it is critical that organizations be pro-active and prepared when considering cyber risk management. Because of the size, complexity, and constant evolution of attack vectors there is no one-size-fits-all way to respond. it is essential to begin somewhere to establish a baseline for identifying the critical components that must be incorporated into any cybersecurity risk management approach.

Multiple risk management frameworks have been introduced including:

• NIST: National Institute of Standards and Technology (NIST) established by executive order in February 2013.
• ISO/IEC Security Control Standard: developed by the International Organization for Standardization and the International Electrotechnical Commission 
• FFIEC Cybersecurity Assessment – developed for Financial institutions by the Federal Financial Institutions Examination Council 
• SEC/OCIE Cybersecurity Initiative – developed for brokers by the U.S. Securities and Exchange Commission (SEC) Office of Compliance Inspections and Examinations 
• FCC Cyber Security Planning Guide – developed by the Federal Communications Commission for small businesses 
• Although their organization and structures vary, all frameworks attempt to address the same basic functions designed by the NIST Cybersecurity Framework: 
  • Identify
  • Protect
  • Detect
  • Respond
  • Recover

In this webinar we evaluate several attributes critical to the proper establishment of a cyber risk management program. We delve into the concepts and apply thoughts as to how each component should be evaluated for your organization. The webinar utilizes the NIST framework as a guide for application.

You can preview this course on our site.