Speaker Kiersten E. Todt, President and Managing Partner, Liberty Group Ventures, LLC (LGV)
© 2012 Liberty Group Ventures. All rights reserved
NIST FRAMEWORK OVERVIEW
Presented by
Kiersten Todt
Roger Cressey
Liberty Group Ventures, LLC
Liberty Group Ventures, LLC Proprietary and Business Confidential
Framework Background
Executive Order 13636
  Failure by Congress to pass cyber legislation
  Unprecedented cyber threat environment
Role of NIST
  Develop voluntary framework
  Industry-led
Process
  Ten months, five workshops, transparent process
  12,000 public comments adjudicated
  Collaboration between NIST, White House (NSC), DHS, and private sector
Framework Basics
Core: Set of cybersecurity activities and informative references common across CI
Functions: Overview of organization’s management of cyber risks
  Identify, Protect, Detect, Respond, Recover (IPDRR)
Tiers: Mechanism to view approach and processes for managing cyber risk
  1. Partial
  2. Risk Informed
  3. Repeatable
  4. Adaptive
  Tier 4 is not the goal for every organization
Framework Basics (continued)
Profiles
  Alignment of IPDRR with business requirements, risk tolerance, and resources of organization
  Current Profile
  Target Profile
  Profiles create gap analysis
Creating a profile helps a company understand its dependencies with business partners, vendors, and suppliers.
What the Framework is Really About
Creating a common language for cyber risk management
Objective: Facilitate behavioral change in organizations
  Treat cyber risk as a mission equal in priority to other corporate risk
Intended for critical infrastructure owners and operators… but can be used by many others
Applies market-driven approach to cyber risk management
Product of industry, not government
Not one size fits all… user experience will vary
Implications of Framework
Industry: Each Sector Will Define Adoption
  Identify metrics for success
  Facilitate information sharing within industry
  Defining cost-effectiveness
  Role for insurance… finally?
Business
  Small (prioritize, develop risk management process)
  Medium (grow risk management process)
  Large (share best practices and lessons learned)
Framework: The Way Ahead
NIST’s Initial Areas for Further Work
  Authentication
  Automated Indicator Sharing
  Conformity Assessment
  Cybersecurity Workforce
  Data Analytics
  Federal Agency Cybersecurity Alignment
  Supply Chain Risk Management
  International Aspects, Impacts, and Alignment
  Technical Privacy Standards
Framework: The Way Ahead (continued)
Government
  DHS role evolving
    Launch of Critical Infrastructure Cyber Community Voluntary Program
    Providing managed security services to states, localities who adopt framework - a good first step
    Work with Sector Specific Agencies in first year, expand to all CI business in future
  Seeking input from small business on framework adoption
  More work on incentives is required
  International adoption… and overcoming Snowden challenge
    Need for role of US business with global presence to engage and facilitate
Framework: The Way Ahead (continued)
Industry
Participate in additional workshops on implementation and areas for improvement
Adopt Framework by mapping it to existing risk management process and addressing gaps that are identified through profile development
Conduct training to “normalize” cyber risk behavior, including simulations and exercises with corporate leadership
Feedback to government: Lessons learned/what works/what doesn’t/what’s missing
  Industry input will shape development of Framework 2.0
Non-lifeline sector adoption
  Retail, Manufacturing, etc.