Back to Resources

Combining NIST CSF and FAIR to Drive Better Cyber Risk Decisions - RiskLens Sponsored Webinar

Video with Slides

Video recording and slide deck below

If you are a private sector organization driving your security program forward with the NIST-CSF framework, or a U.S. Government Agency working to adhere to the NIST Framework for Improving Critical Infrastructure Cybersecurity, you're on the right track to better outcomes.

But you need to understand that while these frameworks seek to help "drive standards, guidelines and best practices to manage cybersecurity-related risk" they do not actually help you truly understand those risks in business terms.

A few months ago, NIST formally published FAIR as an Informative Reference to the NIST CSF, the most widely used cybersecurity framework in the U.S. and effectively the same framework U.S. Government Agencies are mandated to follow.

This is a major milestone in the history of FAIR. It means that there is mapping between FAIR and the NIST CSF standard in the sections covering risk analysis and risk management. See FAIR officially listed in the Informative Reference Catalog on the NIST CSF website.

By marrying these NIST frameworks with FAIR - you get the best of both worlds. FAIR is the magic sauce that leading thinkers at Fortune 1,000 organizations and government agencies are using in tandem with NIST to drive better, smarter investments.

Hear from Jack Freund on how the NIST CSF and FAIR mapping works. Hear from Ian Amit on how he has applied NIST CSF and FAIR in his security practice.

Download Now