BIO

Greg Witte is a Senior Security Engineer for G2. He supports federal and commercial clients, primarily the NIST IT Laboratory. He has been managing information technology for over 30 years, 20 of that in the information security arena. As part of his NIST support role, he was one of several primary authors of both the NIST Cybersecurity Framework (CSF) and the NICE Workforce Framework. Drawing on that experience and his many years with COBIT, he co-wrote ISACA’s guide for Implementing the NIST Cybersecurity Framework and the associated training/certification.

ABSTRACT

The Framework for Improving Critical Infrastructure Cybersecurity (“the Cybersecurity Framework”) is a voluntary framework developed through a collaborative process by industry, academia, and government stakeholders. NIST continues, as directed by the Cybersecurity Enhancement Act of 2014, to facilitate and support the development of voluntary, industry-led cybersecurity standards and best practices for critical infrastructure.

In this session, attendees will learn about the Framework's 3 components (the Core, Profiles, and Implementation Tiers), and how those components provide an approach to prioritize cybersecurity resources, make risk decisions, and take action to reduce risk. The workshop will include hands-on exercises including some discussion about challenges observed in implementing the Framework over the last 5 years.