Speaker Kiersten E. Todt, President and Managing Partner, Liberty Group Ventures, LLC (LGV)

Kiersten E. Todt, President and Managing Partner, Liberty Group Ventures, LLC (LGV)

Kiersten Todt is the President and Managing Partner of Liberty Group Ventures, LLC (LGV). She develops risk and crisis management solutions for infrastructure, emergency management, cybersecurity, higher education, and homeland security clients in the public, private, and non-profit sectors. She has served in senior positions in both the executive and legislative branches of government. Ms. Todt has commented on homeland security and sport security issues in multiple media outlets, including MSNBC, NPR, Bloomberg, and The Wall Street Journal. Her work on sport security has been published in two editions of The International Centre for Sport Security Journal.

Prior to LGV, Ms. Todt was a partner at Good Harbor Consulting and was responsible for the company's North America crisis management practice, which had a concentration in cyber security. Clients included states and quasi-public institutions, maritime entities, small and large businesses, and college and university systems. Before joining Good Harbor, she worked for Business Executives for National Security (BENS) and was responsible for integrating the private sector into state and local emergency management capabilities; she also developed and executed federal and regional port and cyber security projects. Prior to BENS, she was a consultant for Sandia National Laboratories and worked with the California Governor's Office and Bay Area Economic Forum to develop the homeland security preparedness plan for the Bay Area. Ms. Todt was also an adjunct lecturer at Stanford University.

Ms. Todt served as a Professional Staff Member on the U.S. Senate Committee on Governmental Affairs (now the Committee on Homeland Security and Governmental Affairs); she worked for the Committee Chairman, Senator Joseph Lieberman, and was responsible for drafting the bioterror, infrastructure protection, emergency preparedness, and science and technology directorates of the legislation that created the Department of Homeland Security. She also served as Senator Lieberman's Appropriations Director and managed his drug policy portfolio. Before working in the Senate, Ms. Todt served in Vice President Gore's domestic policy office and was responsible for coordinating federal resources with locally-defined needs, specifically focusing on energy challenges in California and housing issues. She was also the senior advisor on demand-reduction issues to Director Barry R. McCaffrey at the Office of National Drug Control Policy (ONDCP).

Ms. Todt graduated from Princeton University with a degree in public policy from The Woodrow Wilson School of Public and International Affairs. She holds a master's degree in Public Policy from the John F. Kennedy School of Government at Harvard University and was selected to be a Presidential Management Fellow in 1999. She earned the Outstanding Service Award at ONDCP.

Transcript of Speaker Kiersten E. Todt, President and Managing Partner, Liberty Group Ventures, LLC (LGV)

Page 1: Speaker Kiersten E. Todt, President and Managing Partner, Liberty Group Ventures, LLC (LGV)

© 2012 Liberty Group Ventures. All rights reserved

NIST FRAMEWORK OVERVIEW

Presented by

Kiersten Todt

Roger Cressey

Liberty Group Ventures, LLC

1

Liberty Group Ventures, LLC Proprietary and Business Confidential

Page 2:

Framework Background

Executive Order 13636
  Failure by Congress to pass cyber legislation
  Unprecedented cyber threat environment

Role of NIST
  Develop voluntary framework
  Industry-led

Process
  Ten months, five workshops, transparent process
  12,000 public comments adjudicated
  Collaboration between NIST, White House (NSC), DHS, and private sector

Page 3:

Framework Basics

Core: Set of cybersecurity activities and informative references common across critical infrastructure (CI) sectors

Functions: Overview of an organization's management of cyber risks

  Identify, Protect, Detect, Respond, Recover (IPDRR)

Tiers: Mechanism to view an organization's approach and processes for managing cyber risk

  1. Partial

  2. Risk Informed

  3. Repeatable

  4. Adaptive

Tier 4 is not the goal for every organization

Page 4:

Framework Basics (continued)

Profiles: Alignment of IPDRR with the business requirements, risk tolerance, and resources of the organization

  Current Profile

  Target Profile

  Comparing the Current and Target Profiles produces a gap analysis

Creating a profile helps a company understand its dependencies with business partners, vendors, and suppliers.

Page 5:

What the Framework is Really About

Creating a common language for cyber risk management

Objective: Facilitate behavioral change in organizations

  Treat cyber risk as a mission equal in priority to other corporate risk

Intended for critical infrastructure owners and operators…but can be used by many others

Applies a market-driven approach to cyber risk management

Product of industry, not government

Not one size fits all…user experience will vary

Page 6:

Implications of Framework

Industry: Each sector will define adoption
  Identify metrics for success
  Facilitate information sharing within industry
  Define cost-effectiveness
  Role for insurance…finally?

Business
  Small: prioritize, develop a risk management process
  Medium: grow the risk management process
  Large: share best practices and lessons learned

Page 7:

Framework: The Way Ahead

NIST's Initial Areas for Further Work
  Authentication
  Automated Indicator Sharing
  Conformity Assessment
  Cybersecurity Workforce
  Data Analytics
  Federal Agency Cybersecurity Alignment
  Supply Chain Risk Management
  International Aspects, Impacts, and Alignment
  Technical Privacy Standards

Page 8:

Framework: The Way Ahead (continued)

Government

DHS role evolving
  Launch of the Critical Infrastructure Cyber Community Voluntary Program
  Providing managed security services to states and localities that adopt the framework: a good first step
  Work with Sector Specific Agencies in the first year, expand to all CI businesses in the future

Seeking input from small business on framework adoption

More work on incentives is required

International adoption…and overcoming the Snowden challenge
  Need for US businesses with a global presence to engage and facilitate

Page 9:

Framework: The Way Ahead (continued)

Industry

Participate in additional workshops on implementation and areas for improvement

Adopt the Framework by mapping it to the existing risk management process and addressing gaps identified through profile development

Conduct training to "normalize" cyber risk behavior, including simulations and exercises with corporate leadership

Feedback to government: lessons learned / what works / what doesn't / what's missing
  Industry input will shape development of Framework 2.0

Non-lifeline sector adoption: retail, manufacturing, etc.