SEM01A - Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework (separate registration is required)

Monday, May 01 | 8:30AM–12:00PM | Denver Ballroom 1-3, Lower Level 2
Session Type: Additional Fee Program
Delivery Format: Preconference Seminar
The goal of this seminar is to share an approach used by the University of Massachusetts for designing and building a cybersecurity program based on the NIST Cybersecurity Framework. The program is based on a set of independent modules organized into a "controls factory" delivery model. The controls factory helps organize the engineering, technical, and business functions of a cybersecurity program. The program is completely adaptable, which means that each of the modules can easily be updated, replaced, or modified with minimal impact on the overall solution. Organizations are free to choose the minimum set of controls needed to establish a current security profile and, over time, incrementally adopt additional controls that will improve program maturity.

Outcomes:

  • Better understand cyberthreats and how they map to the Cyber Attack Chain and the NIST Cybersecurity Framework
  • Discuss the 3 key areas of the NIST Cybersecurity Framework (Framework Core, Implementation Tiers, Current and Target Profile)
  • Learn about a repeatable/adaptable approach for designing a cybersecurity program


  • Larry Wilson

    Chief Information Security Officer, University of Massachusetts Central Office