NIST long ago articulated its Risk Management Framework, which aims to improve organizations' abilities to manage security risks posed by cyber threats, system vulnerabilities and evolving business requirements. But why do organizations still struggle to put theory into practice?
Join this discussion featuring NIST's Ron Ross and DHS's John Streufert, who offer insights on:
Goals of leading IRM implementation;
Assessing risk in volatile times;
Handling conflicts among stakeholders.
The information risk management framework has been around for years, but a growing number of organizations struggle to implement a successful program.
Part of the problem is cultural; information risk management isn't integrated into the fabric of many enterprises, as it should be. Top leaders often do not actively encourage information risk management best practices. Without such support, an information risk management framework won't get propagated throughout the organization. And that proves costly.
By implementing an information risk framework enterprisewide, organizations not only save money by doing it once, but help reduce vulnerabilities by making sure proper controls are implemented throughout the organization.
And because threats intensify daily, the need for organizations to implement an information risk management framework is more important than ever.
In this session, an expert panel, including Ron Ross of NIST, reviews:
Common mistakes made by organizations implementing an information risk management framework;
How to overcome organizational challenges and ensure a successful implementation.
Fellow, National Institute of Standards and Technology (NIST)
Ross specializes in information security, systems security engineering and risk management. He leads NIST's Federal Information Security Management Act Implementation Project, which includes the development of key security standards and guidelines for the federal government and critical information infrastructure. Ross also leads the Joint Task Force, an interagency partnership with the Department of Defense, Office of the Director National Intelligence, the U.S. Intelligence Community and the Committee on National Security Systems, with responsibility for developing the Unified Information Security Framework for the federal government and its contractors. In addition to his responsibilities at NIST, Ross supports the U.S. State Department in the international outreach program for information security and critical infrastructure protection. Ross has lectured at many universities across the country and has received numerous private sector cybersecurity awards.
National Cybersecurity Division Director, DHS
Streufert leads DHS's effort to build and maintain an effective national cyberspace response system and to implement a cyber risk management program. He served as the State Department's chief information security officer from 2006 to 2012, where he instituted a program that resulted in an 89 percent reduction in risk in 12 months.