Security Congress Abstract
This session provides practical cybersecurity assessment advice. It details the end-to-end process, including scoping, work papers, scheduling, on-site assessment, report preparation and presentation.
The first assessment example leverages the NIST Cybersecurity Framework to ensure coverage across security domains. Sample scoping questions will be provided, along with tips and examples to add controls based on business processes, insider threat, privacy and fraud.
This session also addresses follow-on assessments. Attendees are encouraged to evaluate lines of business and to take deep dives into critical functions. Tips and examples are provided for leveraging best practices to create specific testing procedures.
Upon returning to work, attendees should be able to conduct an assessment and understand how to develop new testing procedures, adapting to changes in the threat landscape.