Symbiosis Centre for Information Technology conducted a workshop on NIST Cyber Security Framework on 18th November, 2018. Mr. Sunit Belapure, Infosec Consultant at IBM was the speaker of the day. The session started with Mr.Belapure differentiating between Cyber Security and Information Security. He spoke about how Cyber Security has evolved and has gained prime importance in today’s scenario.
Moving on further, he gave insights about COBIT. He explained the difference between a standard and a framework. Talking about the standards, he explained about technical standards and also gave a real time example using passwords. He mentioned the importance of following the standards for setting the passwords. He also spoke about ‘Hardening’, how it standardises and adds security to the data. During the course of the session, he gave an overview of NIST Cyber Security Framework. He explained about how the latest version of the framework helps to ensure compliance with HIPAA, GDPR etc. Mr. Belapure clearly explained about the objectives of the NIST Framework and spoke about the core components of it. He gave a vast description about Framework cores, profiles and the implementation tiers. Going deeper in to the topic, he spoke about the Capability Maturity Model Index and about the implementation tiers of NIST. He explained in detail about all the tiers and its importance. While the students were inquisitive to know more about topic, he mentioned about Access kinds and explained that it is of three types namely – General, Privileged, Remote. Throwing light about data and data privacy, he mentioned its significance in the organization these days and about the various stages in the data. He told that data is an ‘Asset’ to any organization and it is also mentioned in the Asset side of the Balance sheet. He explained how the data can be identified, protected, detected, responded and recovered.
He gave various examples which the students were able to connect to and that induced them to be highly interactive and paved way to ask more and more questions. The session was very much informative and enhanced the scope of learning in the domain.