Have you ever wondered how to actually use the NIST Risk Management Framework and apply it to your business or organization?
In this course, you will get an inside look at how cybersecurity, information technology (IT), and business professionals use the NIST Risk Management Framework (RMF) to understand and actively manage their risk posture.
You will begin by learning the fundamentals of the 7-step NIST Risk Management Framework (RMF) process, including:
-
PREPARE
-
Essential activities to prepare the organization to manage security and privacy risk
-
-
CATEGORIZE
-
Categorize the system and information processes, stored, and transmitted based on an impact analysis
-
-
SELECT
-
Select the set of NIST SP 800-53 controls to protect the system based on a risk assessment
-
-
IMPLEMENT
-
Implement the controls and document how controls are deployed
-
-
ASSES
-
Assess to determine if the controls are in place, operating as intended, and producing the desired results
-
-
AUTHORIZE
-
The senior official makes a risk-based decision to authorize the system (to operate)
-
-
MONITOR
-
Continuously monitor control implementation and risks to the system
-
Then, you will dive deeper into the framework to fully understand each of the seven steps, how they are applied in the real world and other considerations for using RMF and eMass in your career.
The NIST Risk Management Framework (RMF) provides a process that integrates security, privacy, and cyber supply chain risk management activities into the system development lifecycle.
This risk-based approach to control selection and specification considers the effectiveness, efficiency, and constraints available due to applicable laws, directives, Executive Orders, policies, standards, or regulations.
By using the NIST Risk Management Framework (RMF), you can better manage organizational risk and ensure the success of your information security and privacy programs when operating within the government and defense industries.
Upon completion of this course, you will earn 4 CEUs towards the renewal of your CompTIA A+, Network+, Security+, Linux+, Cloud+, PenTest+, CySA+, or CASP+ certifications.
Risk Management Framework
The Seven Steps
-
3Risk Management Framework
-
4Summary of RMF
-
57-step Process
-
6SP800-37
-
7RMF Version 2
-
8Information Security and Privacy
-
9Authorization Boundary
-
10Supply Chain Risk Management (SCRM)
-
11Requirements Versus Controls
-
12Thoughts on RMF
-
13Flexibility
-
14Timelines
-
15Checkpoint: Risk Management Framework
Associated Topics
-
16The Seven Steps
-
17Step 1 - Prepare Your Organization
-
18Step 1 - Prepare Your System
-
19Step 1 in the Real World
-
20Step 2 - Categorize Your System
-
21Step 2 in the Real World
-
22Step 3 - Select Controls
-
23Step 3 in the Real World
-
24Step 4 - Implement Controls
-
25Step 4 in the Real World
-
26Step 5 - Assess Controls
-
27Step 5 in the Real World
-
28Step 6 - Authorize the System
-
29Step 6 in the Real World
-
30Step 7 - Monitor the System
-
31Step 7 in the Real World
-
32Checkpoint: The Seven Steps