ISO/IEC 27001 is already a universal information security standard in the financial industry. In addition to maintaining the validity of ISO/IEC 27001 certification, we began to think about how to keep "consciously" strengthening the company's information security. Therefore, at the end of 2024, we overcame many difficulties and obtained the first NIST CSF certification in Taiwan's financial industry.
We use the core framework and five implementation levels of the Cybersecurity Framework (CSF) proposed by the National Institute of Standards and Technology (NIST) to examine the maturity of the company's information security governance, find our shortcomings in information security management, and then strengthen them in stages according to risk level and company resources, building a more complete information security management structure.
The bitter blood and tears of introducing the NIST CSF certification process will be shared in this talk. I hope it brings you inspiration and something to take away.
TOPIC / TRACK
CISO Forum
LOCATION
Taipei Nangang Exhibition Center, Hall 2
7F 701G
LEVEL
General
General sessions explore new cybersecurity knowledge and non-technical topics, ideal for those with limited or no prior cybersecurity knowledge.
SESSION TYPE
Breakout Session
LANGUAGE
Chinese
SUBTOPIC
NIST Cybersecurity Framework
Governance
Certification