NIST announced today that they released the final version of Special Publication 800-37 Rev 2: Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy.
This update supersedes NIST SP 800-37 Revision 1 (2014) and is the first framework in the world to address security, privacy, and supply chain risk in a holistic, comprehensive manner. The framework integrates risk management of these disciplines at the mission and organizational process levels. It is very important for cybersecurity practitioners, IT auditors, governance professionals, and all those in the IT field to understand how the new guidance from NIST impacts their organization.
ISACA GWDC will look to highlight the impact of these changes at future conference and education events.
Jason joined ISACA in 2006 and presently serves as GWDC President. He’s served on the Chapter Board of Directors since 2014. Jason is very involved with ISACA International and some of his volunteering consists of serving on the Chapter Services Working Group, Leadership Development Advisory Council, and contributing significantly to CISA and CISM exam preparation content. Jason is a Senior Manager within IBM’s Cybersecurity and Biometrics Practice. He holds the CISSP-ISSAP, CISA, CISM, and PMP.