Using the NIST Cybersecurity Framework to Guide your Security Program


Presented by: Chris Lietz, CISSP, CISA, CISM, CRISC, CGEIT, CTPRP, Principal, Cyber Risk Advisory, Coalfire
and Bob Post, CISSP, Sr. Director, Cyber Risk Advisory, Coalfire



Cyber risk management is a priority in all industries, including fuel and petroleum retailing, and savvy security professionals are rapidly adopting voluntary, business-oriented, public-domain frameworks to guide their programs. Such frameworks provide a host of benefits due to their business orientation, flexibility and cross-references to multiple standards and compliance mandates like the PCI DSS.

One such framework is the Framework for Improving Critical Infrastructure Cybersecurity, also known as the Cybersecurity Framework (CSF), published and maintained by the National Institute of Standards and Technology (NIST). The Cybersecurity Framework was first published in February 2014 following a collaborative process involving industry, academia and government agencies, as directed by a presidential executive order. The original goal was to develop a voluntary framework to help organizations manage cybersecurity risk in the nation’s critical infrastructure, such as bridges and the electric power grid, but the framework has been widely adopted by many types of organizations across the country and around the world.


  • Receive an introduction to the CSF
  • Learn how to relate the CSF to compliance programs (e.g., PCI, HIPAA, SOX) and other security frameworks (e.g., ISO/IEC 27001, NIST 800-53r4, CIS CSC)
  • Get recommendations on how to use the CSF to successfully guide a business-oriented cyber risk management program
