ISC2 CISSP 1 12 1 Spotlight On The Risk Management Framework (RMF)
Objectives:
Understand and apply the recommended guidance for the NIST Risk Management
Framework (RMF) through your daily practice as an information security professional.
External Resources:
The Risk Management Framework provides a process that integrates security and risk
management activities into the system development life cycle.
Risk-Based Approach -
1. Prepare Step -
2. Categorize Step -
Categorize the system and the information processed, stored, and transmitted by
that system based on an impact analysis (*1).
3. Select Step -
Select an initial set of baseline security controls for the system based on the
security categorization, then tailor and supplement the security control
baseline as needed based on the organization's assessment of risk and local conditions.
4. Implement Step -
Implement the security controls and document how the controls are deployed
within the system and environment of operation.
5. Assess Step -
6. Authorize Step -
Authorize system operation based upon a determination of the risk to
organizational operations and assets, individuals, other organizations and the
Nation resulting from the operation of the system and the decision that this
risk is acceptable (*2).
7. Monitor Step -
Monitor and assess selected security controls in the system on an ongoing basis
including assessing security control effectiveness, documenting changes to the
system or environment of operation, conducting security impact analyses of the
associated changes, and reporting the security state of the system to
appropriate organizational officials (*3).
Footnotes: