Larry Wilson

CISO

University of Massachusetts President's Office

Larry Wilson is the former Chief Information Security Officer (CISO) for the University of Massachusetts President’s Office. In this role, Larry is responsible for developing, implementing and overseeing compliance with the UMASS Information Security Policy and Written Information Security Plan (WISP).

In addition to designing a cybersecurity program for the University, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. This includes his role as Adjunct Faculty at the University of Massachusetts in the Computer Science Department. Courses include Designing and Building a Cybersecurity Program, The NIST Cybersecurity Framework Foundations and Practitioners courses, The NIST 800-171 Protecting Controlled Unclassified Information (CUI) in Non-Federal Systems, The CIS Controls, etc.

Larry also provides consulting services to mid-sized and large enterprises. The consulting focuses mainly on designing and building cybersecurity programs based on The NIST Cybersecurity Framework and the CIS Critical Controls. He has completed DoD projects based on the NIST 800-53 standard.

Sessions

Building a NIST-Compliant Cybersecurity Program

Tuesday, July 30th
1:00pm - 2:00pm
Five years after its initial release, the NIST Cybersecurity Framework is still a gold-standard process for a prioritized, flexible, repeatable, performance-based and cost-effective approach to managing cybersecurity risk at all levels in an organization. The framework is applicable to organizations of all sizes and sectors. This presentation will address using the NIST Cybersecurity Framework for building a cybersecurity program (engineering, technology and business) that addresses today’s cybersecurity landscape and cyber risks, providing attendees with assessments, executive scorecards and a road map to remediate control gaps.

In this session, attendees will learn how to:
  • Describe the three main components of the NIST Cybersecurity Framework: the Core Functions, the Implementation Tiers, and the Current and Target Profiles
  • Explore how implementing the NIST Cybersecurity Framework protects critical IT resources and information assets before an attack, during an attack and after an attack
  • Investigate how organizations use the NIST Cybersecurity Framework for communicating expectations and deliverables within an organization, with external service providers and with regulatory agencies
