Risk management is a critical element of security and compliance in today's IT infrastructures. This course will demonstrate the advanced skills you need to effectively manage cyber risk, security, and compliance with governance using the RMF.
Risk is a necessary evil in today’s modern government, corporate, and private networks. Managing this risk is a careful balancing act between art and science, and focuses on three interrelated, critical aspects of systems: risk, system and data security, and compliance with governance. Organizations must have a proven methodology of managing cyber risk, security, and compliance. In this course, Preparing to Manage Security and Privacy Risk with NIST's Risk Management Framework, you will continue your studies on the RMF beyond the fundamentals of the processes and procedures that make up the framework. You will gain the advanced knowledge necessary to apply the methods and techniques presented in the RMF to manage cyber risk in the “real world”. First, you will learn how to categorize systems based on the information they process and their criticality to the organization. You'll also learn how to manage risk stakeholder needs, and ensure that both the organization and the target systems are prepared to undergo the RMF lifecycle. Next, you will see how controls are baselined and implemented on systems, and how to realistically assess those controls. Finally, you will discover system accreditation decisions and how to make sure your system gets its Authorization to Operate, as well as conduct continuous risk monitoring. By the end of this course, you'll be thoroughly knowledgeable on what it takes to actually manage a system throughout its RMF lifecycle.
Bobby E. Rogers is an information security engineer working as a contractor for Department of Defense agencies, helping to secure, certify, and accredit their information systems. His duties include information system security engineering, risk management, and certification and accreditation efforts.
Course Overview Hi everyone. My name is Bobby Rogers, and welcome to the Preparing to Manage Security and Privacy Risk with NIST Risk Management Framework course. I'm a cybersecurity analyst, and I work as a contractor securing information systems and data for the US government specializing in cyber risk management. Are you familiar with the RMF steps and processes, but find it difficult to actually implement the RMF in the real world? The federal government requires that all of its systems be authorized to operate before they can be put on the network using the NIST risk management framework, or RMF. That's when we produced this course that covers how to actually implement the steps of the RMF on your systems. We're going to discuss and demonstrate the key tasks you need to perform to effectively manage security risk and privacy using the RMF. Some of the major topics that we will cover include the system and risk stakeholders, preparing the organization and its systems for the RMF lifecycle, implementing and managing security controls, and preparing for and executing a system level assessment. By the end of this course, you'll understand how to apply the RMF to manage security and privacy on your systems, as well as meet compliance requirements. Before beginning this course, you should be familiar with basic risk management concepts and the RMF lifecycle, as well as security management processes. I hope you'll join me on this journey to learn about the RMF with the Preparing to Manage Security and Privacy Risk with the NIST Risk Management Framework course, at Pluralsight.