The Security & Privacy Bunch, aka “NIST RMF 2.0” presented at GlobalPrivacySummit 2019

by Ellen Pilliterri,

Summary: Here’s the story of a lovely security publication, the Risk Management Framework (RMF). It’s the story of emerging privacy engineering. Yet both were all alone—‘til one day when security met privacy engineering, and they knew it was much more than a hunch. That they must somehow form a new suite of publications. That’s the way it became the Security & Privacy Bunch, aka “NIST RMF 2.0.”

Privacy and information security are independent and separate disciplines, yet are closely related, making it essential to take a coordinated approach to identifying and managing security and privacy risks and complying with applicable requirements. While information security risk management is commonly understood, privacy risk management is relatively new and emerging to address risks that are not sufficiently covered by compliance and regulation alone. In this interactive session, the speakers will tell the story of integrating security and privacy into NIST risk management publications, detailing the benefits, challenges and lessons learned in bringing these two “families” together, as well as walk through a use case demonstrating how the RMF process can be applied. The session will cover NIST Special Publication (SP) 800-37, Revision 2, Risk Management Framework (RMF 2.0), which provides a disciplined and structured process that integrates information security, privacy, and risk management activities into the systems development life cycle.

What you’ll take away:

Understand the Risk Management Framework (RMF) and how it can be used to manage privacy risks through an interactive use case
Learn about the updates made to the RMF in its latest revision
Discover how privacy and security risk management programs can collaborate to manage risk holistically