Perspectives related to the academia discipline.
“There are many security frameworks, but we found that the Cybersecurity Framework was well-aligned with our main objective, which was to establish a common language for communicating cybersecurity risks across the Division….The Cybersecurity Framework enabled the BSD to identify security requirements as a set of target outcomes to be achieved, while enabling departments to maintain internal processes and procedures regarding how to achieve those outcomes. As a result…. each department has gained an understanding of BSD’s cybersecurity goals and how these may be attained in a cost-effective manner over the span of the next few years. Using the Cybersecurity Framework helped foster information sharing and good practices among departments.”
Biological Sciences Division of the University of Chicago
Applying the Cybersecurity Framework at the University of Chicago: An Education Case Study
“We wanted to develop an action plan for cybersecurity. Based on the Cybersecurity Framework, the Baldrige Cybersecurity Excellence Builder enables us to strategically choose where we are going to invest our time or resources. It has helped us explain to people outside information security what we do and to hone our communication skills, especially with the senior leaders of the organization so they can be advocates for us. It’s enabled deliberate reflection on what is and isn’t working well, what are our gaps are, what we should be offering, and how that might diverge from where we are today. This framework also has allowed us to open the door to a lot more people for this conversation.”
Steffani Webb, Vice Chancellor for Administration, University of Kansas Medical Center
“We’re a big believer here of the CSF, mainly because it allows communication of cyber risk up, down, and across the organization and because it is so descriptive and not prescriptive….the CSF does lend itself to match ups with almost any [other frameworks. For] …a university, where education is in its own critical infrastructure sector, but we play in almost all of the other critical information sectors, it allows us to talk to the NIH with the same language…and any of the groups that we work with.”
Sean Sweeney, Chief Information Security Officer, University of Pittsburgh
CERT Podcast Series: Security for Business Leaders - How the University of Pittsburgh Is Using the NIST Cybersecurity Framework
Resources related to this user group.