Government Policy Roundtable: Understanding the NIST Risk Management Framework

Presented at Black Hat USA 2014, Aug. 6, 2014, 11:45 a.m. (60 minutes)

With the increase of data breaches by several companies and organizations, the SEC, FTC, and other agencies are considering tougher cyber security regulations and rule making policies to force companies to increase their info security. On the other hand, the National Institute for Standards and Technology (NIST) recently released a voluntary Risk Management Framework after a year of collaboration between the private and public sectors. This roundtable will look at what this voluntary framework is really designed to do, discuss the framework's strengths and areas for improvement, and discuss how organizations can focus LESS on "compliance" and paperwork exercises and MORE on risk and tangible information security improvement.

Presenters:

• Tiffany Jones - iSIGHT Partners
  Tiffany Jones is the Chief Revenue Officer for iSIGHT Partners. As CRO, Jones leads the development of business strategy and field execution. She is responsible for managing the sales, marketing, product management, alliances, channel, and delivery teams. Prior to joining iSIGHT Partners, Ms. Jones spent over a decade at Symantec in senior roles. Ms. Jones also had a distinguished career in the government as Deputy Chief of Staff at the White House Office of Cyber Security and Critical Infrastructure Protection under the leadership of Richard Clarke. In additional to her Deputy Chief of Staff duties, Jones contributed to the development of the President's National Strategy to Secure Cyberspace. Ms. Jones graduated from the Coast Guard Academy and received her commission as a Coast Guard Officer. Operational duties included Deck Watch Officer, Assistant Operations Officer and Law Enforcement Officer aboard the cutter JUNIPER in Newport, RI, Executive Officer and lead Law Enforcement Officer aboard the cutter GRAND ISLE in Gloucester, MA, and Coast Guard Congressional Affairs Liaison for the Coast Guard and Department of Transportation. Ms. Jones currently sits on the United States Coast Guard Academy Alumni Association Board of Directors and teaches cyber safety to children in K-12 as a volunteer through the National Cyber Security Alliance. She is also a member of the CSIS Cyber Commission. Ms. Jones' military awards include Coast Guard Officer of the Year Award (2002), a Coast Guard Commendation Medal, two Coast Guard Achievement Medals, numerous Commandant's Letter of Commendation Ribbons, the Coast Guard Meritorious Unit Commendation award, Coast Guard Meritorious Team Commendation award, six Special Operations Ribbons, the Sea Service Ribbon and other unit citations. Ms. Jones is married with two children, enjoys playing in her band, cooking and spending time with family and friends. She and her husband are also opening up a new microbrewery in the Northern Virginia area.

Links:

• https://www.blackhat.com/us-14/roundtables.html#Jones

Similar Presentations:

• AppSec USA 2015 / Training (1 day): Risk Management Like a Boss: Making Your Risks Work for You
• DEF CON 23 (2015) / A Hacker's Guide to Risk
• Texas Cyber Summit 2019 / CS-2024 The Risk Management Hydra and why you need multiple assessments