June 8 Partner Chapter Member ISC2 SV Event NIST SP-800-53 r5 – The Control Reference Layer: Taming the Beast

THIS EVENT IS SPONSORED BY ISC2 SILICON VALLEY (ISC)² Silicon Valley Chapter – 2021-06-08 virtual meeting (google.com)

Speaker: Robin Basham on “NIST SP-800-53 r5 – The Control Reference Layer: Taming the Beast”

Abstract: NIST SP-800-53 r5 was a long labor with a few false starts. FedRamp dependencies still include r4, however, 75 new control, enhancement or attribute elements of r5 exist in the SSP – NIST SP-800-53B.

  • NIST 800-53 is a common reference layer used in mapping nearly all other Cybersecurity Frameworks –> compounding issues in failed updates to mapping
  • NIST Addendum to Mapping ISO/IEC 27001 missing Cloud, Privacy, Processing
  • Examining common pitfalls in notation for ISO and NIST Standards? How can these be overcome?
  • Exploring data elements necessary to mapping – a walk through the schema elements (reminder to look at Schema.Org)
  • NIST 800-53 r5 v. r4
  • NIST 800 171 r2
  • NIST 800 172 Enhanced Security Requirements for Protecting Controlled Unclassified Information; A Supplement to NIST Special Publication 800-171
  • ISO/IEC 27001:2013 €, as implemented with
  • ISO/IEC 27002:2013 €, including certification for Cloud, Privacy, and PII Processors
  • ISO/IEC 27017:2015 € 27002 for cloud services
  • ISO/IEC 27018:2019 € Information technology — Security techniques — Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors
  • ISO/IEC 27701:2019 € Security techniques — Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management — Requirements and guidelines
  • Case Study: Mapping NIST 800-53r5 to configuration rules such as those used in CIS Benchmarks

About the speaker: Owner EnterpriseGRC Solutions, President, ISC2 East Bay, Certified Information Systems Security (CISSP), Audit (CISA), Governance (CGEIT) and Risk (CRISC), ICT GRC expert and early adopter in both certifying and offering certification programs for Cloud Security and Virtualization, with industry experience in the management of systems, controls and data for SaaS (IaaS and PaaS), Finance, Healthcare, Banking, Education, Defense, and High Tech. Positions held include Technology Officer at State Street Bank, Leading Process Engineering for a major New England CLEC, Sr. Director Enterprise Technology for multiple advisory firms, founding, engineering product and running two governance software companies, and most recently Director Enterprise Compliance for a major player in the mortgage industry, Ellie Mae. Recently full time at Cisco, Unified Compliance and ISMS Program Manager, Robin currently leads LSHC in support of three MDM clients as well as donating substantial time to supporting social platform security to further social democracy. Robin recently contributed a mapping refresh for NIST 171/172 to Dr. Ron Ross FISMA team and is currently contributing to the CCM Mapping for version 4.0. She is also a past board member to the ISACA SV Chapter.

Pre-registration required

Where: online Zoom webinar

When: Tuesday, June 8, 2021 at 06:00 PM Pacific Time

Pre-registration: https://zoom.us/webinar/register/WN_ugctymxqRXmeEc52pDXUAg

Calendar: iCal download, Google Calendar or scan QR code image

Pre-registration is required. Registration ends automatically at the scheduled start time.

After registering, you will receive a confirmation email containing information about joining the meeting.

In order to process CPEs (Continuing Professional Education points) for members, please double check your (ISC)² member number is entered correctly.

  • We will use Zoom’s webinar attendance report to compute attendees’ CPEs. To get the full 2 CPEs for the meeting requires attendance from the scheduled start time to the end of the meeting. Late arrivals and/or early departures will receive CPEs based on minutes attended, rounded down to 0.25 CPE increments.
  • If you need to self-submit your CPEs for any reason (such as not entering an (ISC)² member number), use 1 CPE per hour in 0.25 CPE increments for the portion of the 2 hours you attended. If the meeting ends before 2 hours, full attendance still counts for 2 CPEs.