Implementing NIST's Risk Management Framework (RMF)

Challenges in IT today include balancing security, functionality, risk, and compliance, all with limited resources. In this course, you'll learn how the NIST Risk Management Framework can help you do all of this by providing a formal process.
Course info
Level
Intermediate
Updated
Feb 28, 2019
Duration
3h 54m
Table of contents
Course Overview
Understanding Security, Risk, and Compliance
Using RMF Publications
Discovering the Cybersecurity Framework
Understanding the RMF
RMF Preparation
Categorizing Information Systems
Selecting Security Controls
Implementing Security Controls
Assessing Security Controls
Authorizing Information Systems
Monitoring Security Controls
Description

Managing risk is one of the primary goals of businesses, particularly in the information security program. Risk management provides the vehicle for the balance between resources, compliance, and security. Organizations must protect their information assets by establishing and maintaining an effective risk management program, considering the organization’s environment, threats, resources, and sensitivity of its data. In this course, Implementing NIST's Risk Management Framework (RMF), you'll gain a solid foundation and knowledge on the risk management aspect of security, as well as how to employ the RMF to effectively deal with risk and compliance in your organization. First, you'll learn how to categorize systems based upon criticality and impact, select the appropriate security controls, and then implement those controls. Next, you'll also learn how to conduct control and risk assessments. Finally, you'll learn about the system authorization process and how monitoring the effectiveness of controls and ever-changing risk, by performing continued assessments and reauthorization processes, can help you truly manage cyber risk in the organization. By the end of this course, you'll be well-versed in the NIST RMF and how it can help you with both compliance and security.

About the author

Bobby E. Rogers is an information security engineer working as a contractor for Department of Defense agencies, helping to secure, certify, and accredit their information systems. His duties include information system security engineering, risk management, and certification and accreditation efforts.

Section Introduction Transcripts

Course Overview
(Music) Hi, everyone. My name is Bobby Rogers, and welcome to the Implementing NIST's Risk Management Framework course. I'm a cybersecurity analyst, and I work as a contractor securing information systems and data for the U.S. Government, specializing in cyber risk management. Have you ever seen anyone just put a system or a network online without regard to security or if they're even allowed to do that? The federal government requires that all of its systems be authorized to operate before they can be brought online using the NIST Risk Management Framework or RMF. That's why we've produced this course that covers how to use the RMF within your organization. We're going to talk about the major things you need to know to effectively establish or improve a risk-management program using the RMF. Some of the major topics that we'll cover include the new RMF, RMF publications, the 7-step RMF process, and assessing controls. By the end of this course, you'll understand how to use the RMF to help secure your information systems as well as meeting component requirements and managing cyber risk. Before beginning the course, you should be familiar with basic security concepts and terminology such as confidentiality, integrity, and availability, as well as governance concepts. I hope you'll join me on this journey to learn about the RMF with the Implementing NIST's Risk Management Framework course from Pluralsight.