Implementing NIST's Risk Management Framework (RMF)

Challenges in IT today include balancing security, functionality, risk, and compliance, all with limited resources. In this course, you'll learn how the NIST Risk Management Framework can help you do all of this by providing a formal process.
Course info
Level
Intermediate
Updated
Feb 28, 2019
Duration
3h 53m
Table of contents
Course Overview
Understanding Security, Risk, and Compliance
Using RMF Publications
Discovering the Cybersecurity Framework
Understanding the RMF
RMF Preparation
Categorizing Information Systems
Selecting Security Controls
Implementing Security Controls
Assessing Security Controls
Authorizing Information Systems
Monitoring Security Controls
Description
Course info
Level
Intermediate
Updated
Feb 28, 2019
Duration
3h 53m
Description

Managing risk is one of the primary goals of businesses, particularly in the information security program. Risk management provides the vehicle for the balance between resources, compliance, and security. Organizations must protect their information assets by establishing and maintaining an effective risk management program, considering the organization’s environment, threats, resources, and sensitivity of its data. In this course, Implementing NIST's Risk Management Framework (RMF), you'll gain a solid foundation and knowledge on the risk management aspect of security, as well as, how to employ the RMF to effectively deal with risk and compliance in your organization. First, you'll learn how to categorize systems based upon criticality and impact, select the appropriate security controls, and then implement those controls. Next, you'll also learn how to conduct control and risk assessments. Finally, you'll learn about the system authorization process and how monitoring the effectiveness of controls and ever-changing risk, by performing continued assessments and reauthorization processes, can help you truly manage cyber risk in the organization. By the end of this course, you'll be well-versed in the NIST RMF and how it can help you with both compliance and security.

About the author
About the author

Bobby E. Rogers is an information security engineer working as a contractor for Department of Defense agencies, helping to secure, certify, and accredit their information systems. His duties include information system security engineering, risk management, and certification and accreditation efforts.

More from the author
More courses by Bobby Rogers