Anne Townsend, Katie Boeckl, Shane Witlatch, Sue Wang

An organization’s data is one of its most valuable assets and must be protected from unauthorized access and disclosure. Large and small data breaches can impact the survivability of an organization as operational and financial data, along with employee or customer Personally Identifiable Information (PII) can become comprised. In this session, we will discuss how industry experts and technology collaborators worked with the National Cybersecurity Center of Excellence (NCCoE) to develop practical cybersecurity guidance aimed at effectively identifying and protecting an organization’s assets that may become targets of data breaches. We will also discuss detailed methods and potential tools that can detect, respond to, and recover from incidents that affect data confidentiality, and strategies to aid in a security team’s response to such an event. We will share high-level architectures, scenarios, and the resulting reference designs that were developed, as well as security control mappings, and discuss our lab implementation of the reference designs.

Anne Townsend, Principle Cybersecurity Engineer, National Cybersecurity Center of Excellence, NIST
Katie Boeckl, Privacy Risk Strategist, NIST
Shane Whitlatch, Executive Vice President, FairWarning
Sue Wang, Principal Cybersecurity Engineer, MITRE Corporation


Anne Palm Townsend
Anne Townsend

Principle Cybersecurity Engineer
National Cybersecurity Center of Excellence, NIST

katie boeckl 431x430
Katie Boeckl

Privacy Risk Strategist
National Institute of Standards and Technology

Shane Whitlatch
Shane Whitlatch

General Manager
Healthcare, FairWarning

Sue Wang
Sue Wang

Principal Cybersecurity Engineer
MITRE Corporation