You’re probably using the NIST CSF, the most popular cybersecurity framework, as a checklist of best security practices but it could do a lot more for your organization. In fact, it could be the starting point for aligning risk, security and the business to reach a goal many organizations struggle with: proving the business value of security
That's the message you’ll hear from Richard Barretto, Manager of Security Operations for Cimpress, the multinational company best known in the US for its Vistaprint brand, in his presentation, “Prioritizing NIST CSF Activities with FAIR”, Monday, Oct. 6, 2:30-3:00 ET at the 2020 FAIR Conference.
- See the complete conference agenda
- Register for the conference (free to FAIR Institute members).
- Join the FAIR Institute.
Richard, who manages both the SOC and GRC for Cimpress, will share the roadmap Cimpress is following, and impart a lot of actionable takeaways. He’ll cover how Cimpress:
- Identified each business unit’s top risks, according to the business leaders. Converted those to cyber risk scenarios and quantified them using FAIR. With those financial values, also established risk tolerance.
- Using NIST CSF, identified recommended controls for each business unit. Mapped the controls back to FAIR to determine which would be most cost-effective and truly needed, based on top risks.
- Used a red team attack by an outside firm and the MITRE ATT&CK knowledge base to understand the most serious attack scenarios vs controls, then rated SOC responsiveness—and tied that to its ultimate impact on Loss Magnitude from FAIR.
As Richard says, the Cimpress approach, “gives us an end-to-end picture of our security program from the very low level of an attack and configurations all the way to the top.” Listen his session for all the details:
Prioritizing NIST CSF Activities with FAIR”, Monday, Oct. 6, 2:30-3:00 ET
The 2020 FAIR Conference (FAIRCON2020), the premiere global risk management conference, will be held digitally on October 6 & 7 (Tues. and Wed.). FAIRCON2020 will provide ground-breaking keynote addresses, engaging C-suite panels, and expert case study sessions through a cutting edge virtual event platform. See the agenda. REGISTER NOW!
