Thursday, November 8, 2018

NIST Cybersecurity Risk Management Conference

I'm presenting today in a 45-minute session. It's a quick overview of previous topics, focused on the Ten Dimensions. The emphasis in this short presentation will be on defining what "performance" means and why managing performance in cyber security is not simply a matter of implementing a list of practices. Below are the slides and relevant blog posts.

Here is an Applicability Matrix I created that shows how the existing NIST CSF 1.1 applies to each of the Ten Dimensions. You'll notice that there are only a few blue squares, which indicates that the Ten Dimensions is a different way of carving up the space. This has pluses and minuses, of course. In the blog posts on the Ten Dimensions, I explain and justify this. You'll also notice that some of the Ten Dimensions are poorly covered -- 3. Effective Design & Development; 8. Effective Agility and Learning (incl. metrics); and 9. Optimize Total Cost of Risk.

Applicability Matrix. Rows = 10 Dimensions. Columns = NIST CSF.
Darker colors = more CSF items are applicable.

