1-Hour Program

See Credit Details Below

Overview

The National Institute of Standards and Technology (NIST) has released an update to its initial cybersecurity framework in the form of NIST CSF 2.0. NIST 2.0 integrates the comprehensive view of managing cyber risk included in NIST 1.0 and builds on it significantly, expanding in both breadth and depth. Its scope has been broadened beyond protecting critical infrastructure to include all business sizes, industries, and cybersecurity maturity levels. It also adds a core function, named “govern,” beyond the initial five included in NIST 1.0 (identify, protect, detect, respond, and recover). These expansions are part of a more general recognition that cybersecurity no longer belongs in the silo of the IT department or with the CISO, but must be part of the overall enterprise risk management process that senior business leaders, and the counsel who advise them, consider and evaluate.

Topics to be covered:

  • Introduction to NIST Cybersecurity Framework (10 minutes)
  • NIST 1.0 history, organization, and concerns (10 minutes)
  • NIST 2.0 expansion and key changes (25 minutes)
    • Expanded scope and frameworks for additional businesses
    • Addition of sixth core function, “Govern,” and restructuring of other functions
    • Profiles and Quick Start Guides
  • How to use the framework to analyze and reduce cybersecurity risk (15 minutes)
    • NIST and board oversight
    • NIST and the SEC Cybersecurity Rules



Who Should Attend: In-house counsel, outside attorneys, CISOs or similar, and other industry professionals interested in cybersecurity

Program Level: Overview

Prerequisites: None

Advanced Preparation: None



Faculty:

Beth George

Freshfields Bruckhaus Deringer LLP


Tracy Wilkison

FTI Consulting, Inc.

Credit Details