Challenges in IT today include balancing security, functionality, risk, and compliance, all with limited resources. In this course, you'll learn how the NIST Risk Management Framework can help you do all of this by providing a formal process.
Managing risk is one of the primary goals of businesses, particularly within the information security program. Risk management provides the vehicle for the balance between resources, compliance, and security. Organizations must protect their information assets by establishing and maintaining an effective risk management program, considering the organization’s environment, threats, resources, and sensitivity of its data. In this course, Implementing NIST's Risk Management Framework (RMF), you'll gain a solid foundation in the risk management aspect of security, as well as how to employ the RMF to effectively deal with risk and compliance in your organization. First, you'll learn how to categorize systems based upon criticality and impact, select the appropriate security controls, and then implement those controls. Next, you'll learn how to conduct control and risk assessments. Finally, you'll learn about the system authorization process and how monitoring the effectiveness of controls and ever-changing risk, by performing continued assessments and reauthorization processes, can help you truly manage cyber risk in the organization. By the end of this course, you'll be well-versed in the NIST RMF and how it can help you with both compliance and security.
Bobby E. Rogers is an information security engineer working as a contractor for Department of Defense agencies, helping to secure, certify, and accredit their information systems. His duties include information system security engineering, risk management, and certification and accreditation efforts.
Course Overview

Hi, everyone. My name is Bobby Rogers, and welcome to the Implementing NIST's Risk Management Framework course. I'm a cybersecurity analyst, and I work as a contractor securing information systems and data for the U.S. Government, specializing in cyber risk management. Have you ever seen anyone just put a system or a network online without regard to security or if they're even allowed to do that? The federal government requires that all of its systems be authorized to operate before they can be brought online using the NIST Risk Management Framework or RMF. That's why we've produced this course that covers how to use the RMF within your organization. We're going to talk about the major things you need to know to effectively establish or improve a risk-management program using the RMF. Some of the major topics that we'll cover include the new RMF, RMF publications, the 7-step RMF process, and assessing controls. By the end of this course, you'll understand how to use the RMF to help secure your information systems as well as meeting component requirements and managing cyber risk. Before beginning the course, you should be familiar with basic security concepts and terminology such as confidentiality, integrity, and availability, as well as governance concepts. I hope you'll join me on this journey to learn about the RMF with the Implementing NIST's Risk Management Framework course from Pluralsight.