Software Engineering Institute

In this podcast, Sean Sweeney, Information Security Officer (ISO) for the University of Pittsburgh (Pitt), discusses their use of the NIST (National Institute of Standards and Technology) CSF (Cybersecurity Framework). The University of Pittsburgh is a large, decentralized institution with a diverse population of networks and information types. The challenge of balancing academic freedom with security and protection of research data is put to the test every day.

The use of the CSF, created by NIST as a common starting point for improving the cybersecurity of critical infrastructure providers, has proven valuable to help Pitt understand its baseline security posture, prioritize gaps, and set a target profile for improvement. The flexibility of the five NIST CSF categories (Identify, Protect, Detect, Respond, Recover) provide a solid starting point from which to understand the information security practices that are already in place at Pitt and the practices that are needed to improve the overall program. The podcast is based on a presentation available here.