May 2021 Chapter Meeting
Deconstructing the FUDD Chain:
NIST Risk Management Framework
If you are in the DRBC profession, you are very familiar with the propensity for the industry to use acronyms. Within the Cyber community, even more so! Our speaker for May, Jennifer Kurtz, is an expert on the topic of Cyber continuity (and all the acronyms!), and she shared her expertise with our members and guests. Her presentation covered the basics of the NIST (National Institute of Standards and Technology) Risk Management Framework (RMF), with extensive coverage of the FUDD (Fear, Uncertainty, Doubt, and Disinformation) affecting those of us who plan, prepare, test, exercise, and respond to natural or manmade disasters.
Jennifer discussed the relationship of Cyber events with other types of hazards to which the Risk Management Framework approach is applied. Cyber has led the news stories in recent days:
- The “Darkside” attack on the 5.5K pipeline in the eastern US extracted a $4.4M payout; some demands exceed $25M
- The Conti ransomware group has targeted 16 US healthcare and first responder networks
- Hackers steal files and encrypt servers and workstations, then set up an online portal to collect payments; stolen data is sold or posted publicly if the ransom demands are not paid
Jennifer reviewed the seven steps within the RMF and outlined the tools and equipment needed for the practice.
Jennifer also provided an example of a Cloud Consumer Bill of Rights and included a matrix of top cyber security industry resources.
Speaker:
Jennifer Kurtz is cyber program director for Manufacturer's Edge, Colorado's NIST manufacturing extension partner. She also participates in the following:
- NIST MEP Cybersecurity Steering Group (Manufacturing Extension Partnership Program)
- Colorado Cybersecurity Leaders Collaborative
- Consultant with the Denver Metro and Pikes Peak SBDCs (Small Business Development Centers)
- Cybersecurity industry advisory group for Arapahoe Community College
- Board member of the Colorado Rocky Mountain Chapter of the Association of Continuity Professionals
- Faculty member at Ball State University and Regis University
Jennifer was a member of the National Security Council Staff, the Council on International Economic Policy, and the US Arms Control and Disarmament Agency. She holds an MBA and PMP certification, as well as a BA in international studies from The American University in Washington, DC.