See Credit Details Below
Overview
The National Institute for Standards and Technology (NIST) has released an update to its initial cybersecurity framework in the form of NIST CSF 2.0. NIST 2.0 integrates the comprehensive view of managing cyber risk included in NIST 1.0, and adds exponentially by expanding in both breadth and depth. Its scope has been broadened beyond protecting critical infrastructure to include all business sizes, industries, and cybersecurity maturity levels. And, it has an added core function beyond the initial five included in NIST 1.0 (identify, protect, detect, respond, and recover) named “govern.” These expansions are part of a more general recognition that cybersecurity no longer belongs in the silo of the IT department or with the CISO, but must be part of the overall enterprise risk management process that senior business leaders, and the counsel who advise them, consider and evaluate.
Topics to be covered:
- Introduction to NIST Cybersecurity Framework (10 minutes)
- NIST 1.0 history, organization, and concerns (10 minutes)
- NIST 2.0 expansion and key changes (25 minutes)
- Expanded scope and frameworks for additional businesses
- Addition of sixth core function, “Govern,” and restructuring of other functions
- Profiles and Quick Start Guides
- How to use the framework to analyze and reduce cybersecurity risk (15 minutes)
- NIST and board oversight
- NIST and the SEC Cybersecurity Rules
Who Should Attend: In-house counsel, outside attorneys, CISOs or similar, and other industry professional interested in cybersecurity
Program Level: Overview
Prerequisites: None
Advanced Preparation: None
Faculty:
Beth George
Freshfields Bruckhaus Deringer LLP
Tracy Wilkison
FTI Consulting, Inc.