  • This event has passed.

Winter Member Meeting

January 22, 2020 @ 8:00 am - 11:30 am

Join our quarterly meeting to network with other WMCSC members, explore a relevant cyber topic from a guest speaker, and participate in meaningful dialogue.

Meeting agenda will be sent to WMCSC members in advance.

Breakfast is provided.

Registration is closed.


NIST Risk Management Framework Presentation & Blending Security and Privacy Panel


Davenport University
Sneden Center, Meeting Rooms 1, 2, & 3
6191 Kraft Ave SE Grand Rapids, MI 49512


Member Meeting Agenda:
7:45 – 8:15 | Breakfast / Networking / Registration
8:20 – 8:30 | Welcome + Member Announcements & Upcoming 2020 Topics/Events
8:30 – 9:30 | Managing Security and Privacy Risk Using the NIST Risk Management Framework (RMF)
9:30 – 10:00 | Network break
10:00 – 11:00 | Blending Security and Privacy Panel
11:30 | Done




Managing Security and Privacy Risk Using the NIST Risk Management Framework
(An Interactive Use Case)

Privacy and information security are independent and separate disciplines, yet they are closely related, making it essential to take a coordinated approach to identifying and managing security and privacy risks and complying with applicable requirements. While information security risk management is commonly understood, privacy risk management is relatively new and is emerging to address risks that are not sufficiently covered by compliance and regulation alone. In this session, the speakers will tell the story of integrating security and privacy into NIST risk management publications, detailing the benefits, challenges, and lessons learned in bringing these two “families” together.

The session will cover NIST Special Publication (SP) 800-37, Revision 2, Risk Management Framework (RMF 2.0), which provides a disciplined and structured process that integrates information security, privacy, and risk management activities into the systems development life cycle. Executing the RMF requires close collaboration between information security programs and privacy programs. Security programs are responsible for protecting information and systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability. Privacy programs are responsible for managing the risks to individuals associated with the creation, collection, use, processing, storage, maintenance, dissemination, disclosure, or disposal (referred to as “processing”) of personally identifiable information (PII). It can be confusing for organizations to understand how these responsibilities overlap, differ and translate into the selection of controls for the most effective mitigation of security and privacy risks.


Learning Objectives: 

  1. Understand the Risk Management Framework (RMF) and how it can be used to manage privacy risks
  2. Learn about the updates made to the RMF in its latest revision
  3. Discover how privacy and security risk management programs can collaborate to manage risk holistically


Presented by:

  • Katie Boeckl – Privacy Risk Strategist, National Institute of Standards and Technology (NIST)
  • Victoria Yan Pillitteri – Computer Scientist and Team Lead of the Federal Information Security Modernization Act (FISMA) Implementation Project, National Institute of Standards and Technology (NIST)


Blending Security and Privacy Panel

Our desire for convenience is at odds with our needs for privacy and security. But beyond that, our private data isn’t always secure, and our secure data isn’t necessarily private.

Who has it all figured out? Who is still in the process of building a program?
Who has it working smoothly? Who can’t seem to get it working at all?
When it comes to working together to tackle the issues of security and privacy, are you attached at the hip or speaking a foreign language?

Join us for a discussion on how to blend the competing priorities of privacy and security!



  • Katie Boeckl – Privacy Risk Strategist, National Institute of Standards and Technology (NIST)
  • Dr. Faith Heikkila – Information Security Governance Specialist, Perrigo
  • Marcus Jones – Corporate Counsel, Alticor Inc.
  • Leah A. Voigt, JD, MPH – Vice President, Compliance & Chief Privacy Officer, Spectrum Health




