Implementing NIST's Risk Management Framework (RMF)
By Bobby Rogers
Course info






Description
Managing risk is one of the primary goals of businesses, particularly within the information security program. Risk management provides the vehicle for balancing resources, compliance, and security. Organizations must protect their information assets by establishing and maintaining an effective risk management program, considering the organization's environment, threats, resources, and sensitivity of its data. In this course, Implementing NIST's Risk Management Framework (RMF), you'll gain a solid foundation in the risk management aspect of security, as well as how to employ the RMF to effectively deal with risk and compliance in your organization. First, you'll learn how to categorize systems based upon criticality and impact, select the appropriate security controls, and then implement those controls. Next, you'll learn how to conduct control and risk assessments. Finally, you'll learn about the system authorization process and how monitoring the effectiveness of controls and ever-changing risk, by performing continued assessments and reauthorization processes, can help you truly manage cyber risk in the organization. By the end of this course, you'll be well-versed in the NIST RMF and how it can help you with both compliance and security.
Section Introduction Transcripts
Course Overview
(Music) Hi, everyone. My name is Bobby Rogers, and welcome to the Implementing NIST's Risk Management Framework course. I'm a cybersecurity analyst, and I work as a contractor securing information systems and data for the U.S. Government, specializing in cyber risk management. Have you ever seen anyone just put a system or a network online without regard to security or if they're even allowed to do that? The federal government requires that all of its systems be authorized to operate before they can be brought online using the NIST Risk Management Framework or RMF. That's why we've produced this course that covers how to use the RMF within your organization. We're going to talk about the major things you need to know to effectively establish or improve a risk-management program using the RMF. Some of the major topics that we'll cover include the new RMF, RMF publications, the 7-step RMF process, and assessing controls. By the end of this course, you'll understand how to use the RMF to help secure your information systems as well as meeting component requirements and managing cyber risk. Before beginning the course, you should be familiar with basic security concepts and terminology such as confidentiality, integrity, and availability, as well as governance concepts. I hope you'll join me on this journey to learn about the RMF with the Implementing NIST's Risk Management Framework course from Pluralsight.