Anne Townsend, Katie Boeckl, Shane Witlatch, Sue Wang
An organization’s data is one of its most valuable assets and must be protected from unauthorized access and disclosure. Large and small data breaches can impact the survivability of an organization as operational and financial data, along with employee or customer Personally Identifiable Information (PII) can become comprised. In this session, we will discuss how industry experts and technology collaborators worked with the National Cybersecurity Center of Excellence (NCCoE) to develop practical cybersecurity guidance aimed at effectively identifying and protecting an organization’s assets that may become targets of data breaches. We will also discuss detailed methods and potential tools that can detect, respond to, and recover from incidents that affect data confidentiality, and strategies to aid in a security team’s response to such an event. We will share high-level architectures, scenarios, and the resulting reference designs that were developed, as well as security control mappings, and discuss our lab implementation of the reference designs.
Anne Townsend, Principle Cybersecurity Engineer, National Cybersecurity Center of Excellence, NIST
Katie Boeckl, Privacy Risk Strategist, NIST
Shane Whitlatch, Executive Vice President, FairWarning
Sue Wang, Principal Cybersecurity Engineer, MITRE Corporation