In February 2013, the President released Executive Order (EO) 13636 which called for NIST to develop a voluntary Cyber Security Framework for Critical Infrastructure Sectors. The Framework was to provide a “prioritized, flexible, repeatable, performance-based, and cost effect approach” to manage cyber security risk. This EO led to the release of NIST’s Cybersecurity Framework (CSF) in February of 2014.
NIST’s CSF is composed of 3 parts:
Framework Implementation Tiers
The Department of Energy (DOE) subsequently released the Energy Sector’s Cybersecurity Framework Guidance in January of 2015 using the Cybersecurity Capability Maturity Model (C2M2) the recommended tool for implementing the NIST CSF. DOE advocates the use of C2M2 because of its widespread use, sector specific guidance, and because DOE has provided mapping from C2M2 to the NIST CSF.
Key Takeaways from this Webinar:
1. An Overview of DOE’s C2M2 and NIST CSF Implementation Guidance
2. Lessons learned and our methodology for implementation of the NIST CSF
3. Proof-of-concept demonstration for our automated C2M2 to NIST CSF tool
4. Planned next steps or future enhancements
The Presenter: This webinar will be presented by guest speaker, Christopher S. Taylor, a senior Engineering Analyst for Southern Company’s IT Security Team
Who should attend: Energy professionals
Scheduled for one hour, this SGIP webinar is offered at no charge and open to SGIP Members and non-members.