Risk Management

05/29/2021
"The significant increase in the complexity of the hardware, software, firmware, and systems within the public and private sectors (including the U.S. critical infrastructure) represents a significant increase in attack surface that can be exploited by adversaries" (Joint Task Force, 2018). To combat this, the National Institute for Standards and Technology (NIST) developed a Risk Management Framework (RMF) that "provides a disciplined, structured, and flexible process for managing security and privacy risk".
"The RMF includes activities to prepare organizations to execute the framework at appropriate risk management levels. The RMF also promotes near real-time risk management and ongoing information system and common control authorization through the implementation of continuous monitoring processes; provides senior leaders and executives with the necessary information to make efficient, cost-effective, risk management decisions about the systems supporting their missions and business functions; and incorporates security and privacy into the system development life cycle" (Joint Task Force, 2018).


Government Utilized Risk Management Framework

The NIST Risk Management Framework has six major steps:
1. Categorize the Information System
Applying standard information classification and security categorization to information systems provides a benefit similar to that of using a risk management framework that is well defined and widely used within industry. It takes the guesswork out of the areas where we are most likely to make mistakes when developing our own categorization or risk management systems.
2. Select Controls
Not all security controls are appropriate for every information system. A key step in the risk management framework is selecting the proper security controls for the information system under evaluation.
3. Implement the Controls
This is the phase in the risk management framework where the identified controls are functionally implemented, and implementation details are carefully documented.
4. Assess the Controls
The purpose of the security control assessment is to ensure controls are appropriate and working as intended. If controls are found to be non-compliant, then remediation actions are developed and implemented, and the control is reassessed.
5. Formally Authorize the System
Authorization is the process of assembling "the authorization package and submitting the package to the authorizing official for an authorization decision" (Joint Task Force, 2018, p. 69).
6. Ongoing Monitoring of the Controls
"The ultimate objective of continuous monitoring is to determine if the security controls in the information system continue to be effective over time in light of the inevitable changes that occur in the system as well as the environment in which the system operates" (USD, 2016).



Ranjan Kunwar - Capstone
All rights reserved 2021