Scott Foy
Consultant,
WTC Consulting, Inc.
Using the NIST Cybersecurity Framework for Information Security Program Strategic Planning
Wednesday, October 26, 2022 | 3:00PM–3:45PM MT | Board 704, Poster Area, Exhibit Hall B-E
Session Type:
Poster Session
Delivery Format:
Poster Session
WTC Consulting, Inc. (WTC) worked with a university client’s Information Security Office to develop a five-year information security program strategic plan. WTC first assessed the client’s information security program utilizing the NIST Cybersecurity Framework (CSF), identifying areas of strength and gaps in maturity levels and associated risks. WTC worked with the client to develop 35 initiatives to improve maturity levels in targeted security controls and planned the implementation time frames and cost requirements associated with the initiatives. WTC projected improvements to the information security program maturity levels referencing the NIST CSF.
