430 W5 DQ1
Briefly describe the purpose and application of the Risk Management Framework. How does this differ from the Cyber Security Framework? Which would you recommend and why?
Reply to responses.
Please read before replying to responses. 100-150 words.
Reminder, each response must be a paragraph which is seven sentences. In addition, I am reminding all students not to lose points moving forward, that the responses for participation need to follow the ABC method. Acknowledge what your classmate has said, build on the content (do not just state, I agree with how you said this, or I like how you said that), and close with a question (an open-ended question). You may send me a message in the private forum with any questions. You must have supporting in-text citations and references to support your discussion posts. Blessings with wisdom and academic growth! Cheers, Professor Ligon Blessings and prayers…
The Risk Management Framework (RMF) was first intended for federal agencies but was soon adopted by organizations that were in the private sector. A business can’t operate without exposing itself to some sort of risk, like IT problems, litigation and loss of capital (Posey, 2021). The RMF is made up of five components: Identification, Measurement and Assessment, Mitigation, Reporting and Monitoring, and Governance. The Identification stage is to identify the risks that an organization might have, and this process is not a one-time thing as these risks might change over time. Measurement and assessment is when you create a risk profile for each risk that was identified in the first step, and the measurement can be in the form of how much capital could be lost. Mitigation is examining the risks and determining which risks should be eliminated and which risks are acceptable. Reporting and monitoring involves reexamining the risks to make sure the mitigation strategies the organization has adopted are serving their purposes. Governance is the process of making sure the adoption of the mitigation strategies is in place and that the employees are following the policies. RMF is more targeted towards the federal government, and CSF was originally developed for critical infrastructure but has been recommended for use in organizations. CSF is aimed towards the private sector more than the federal government and does not have any Authorizing Officials (AOs) or an Authority to Operate (ATO), whereas RMF has ATOs to determine the authorized periods required for approval by an AO. NIST recommends that the CSF be used to strengthen the RMF. I would say that I would use the RMF to first get the framework in place, then start implementing the CSF. Both of the frameworks have two entirely different end goals.
Posey, B. (2021). What is risk management and why is it important? Retrieved from https://www.techtarget.com/searchcio/definition/Risk-Management-Framework-RMF#:~:text=TheRiskManagementFrameworkis,oftheUnitedStatesgovernment.