2024 NYSCATE/COSN CTO Clinic

This session will focus on using the Center for Internet Security (CIS) Controls to assess and improve security measures, and then mapping these controls to the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) for strategic alignment and compliance with the controls identified as part of the NYSED Data Security Review.

The objective is to learn methodologies for assessing cybersecurity using CIS Controls and to discover how to map CIS Controls to NIST CSF categories and conduct a baseline gap analysis.

The workshop will include an overview of key CIS Controls, examples of effective application in educational institutions, step-by-step guidance on aligning CIS Controls with NIST CSF categories, and an interactive exercise to practice mapping based on case scenarios.