Designing and Building a Cybersecurity Program

The UMass cybersecurity program is based on the NIST Cybersecurity Framework and the 20 critical security controls (CSCs). The objective is to protect university assets against the latest cyberthreats. Key program capabilities include designing, building, running, testing, and managing a comprehensive cybersecurity program; aligning the university cybersecurity program with industry best practices; managing and protecting critical university assets throughout their life cycle; identifying and assigning (or acquiring) the appropriate level of resources and investments; and establishing an implementation roadmap and comprehensive communications plan. Starting in the fall of 2015, UMass began offering cybersecurity consulting and operations services to some of its key business customers. These services match closely the services and capabilities provided to the university campuses. This presentation will outline the UMass cybersecurity program and describe how Qualys solutions are used to enhance it.

OUTCOMES: Learn what goes into designing, building, running, testing, and managing a comprehensive cybersecurity program * Learn how to manage and protect critical assets throughout their life cycle * Learn how to map assets to the 20 CSCs using Qualys