In this assignment, students will review the federal work sector requirements and executives/organizations process to prepare for FISMA compliance as required in the Modernization Act of 2014, protect

ROAD MAP TO CERTIFICATION (PT. 1)


Sean "Yogi" Stephen

CYB 515 Luis Pina

Grand Canyon University


Introduction to RMF

Risk management is the practice of anticipating risks that may result from expected or unexpected events, evaluating those risks to understand their effects or impacts, and devising countermeasures to control and reduce those effects. The significant categories that apply in the RMF process include identification, protection, detection, response, and recovery. NIST uses the risk management framework to manage the cybersecurity risks it faces. (Nisula, J., 2018).

Based on the visual below, we observe the six steps of the risk management framework.

Explanation of the framework

For any risk management framework, the most essential and crucial step is establishing the boundary and understanding which parts of the IT system are necessary and require more protection. The other important step is preparation, which involves all stakeholders in an organization to ensure that each stage of the RMF is appropriately addressed. According to information from NIST, below is the explanation of the risk management framework:

  1. Information system categorization: this step includes categorizing the information that the system transmits, processes, and stores, based on an analysis of the impact of a risk occurrence.

  2. Security controls selection: this step involves selecting an acceptable risk level. Thus, this step includes tailoring the system controls so that they adequately reduce a risk's effects.

  3. Security control implementation: this step describes how the controls will be deployed in the system and its operating environment.

  4. Security control assessment: this step involves determining whether the controls are implemented appropriately, whether they function as required, and whether they produce the expected results or outcomes. Additionally, assessing the security controls ensures that privacy requirements are maintained and security requirements are satisfied.

  5. Authorizing the information system: this step confirms that the system controls keep the risk to the organization's operations, assets, and other individuals at an acceptable level.

  6. Monitoring the security controls: this is a continuous process of monitoring the security controls that involves documenting system changes, performing risk assessments, assessing the effectiveness of the controls, and security reporting. (Force, J. T., 2018).
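To make the six steps concrete, the following is an added example that walks one constructed system through categorize, select, implement, assess, authorize, and monitor. It is not code from the paper or from NIST. It assumes that categorization uses the FIPS 199 high-water mark rule (the system's impact level is the highest confidentiality, integrity, or availability impact of any information type it handles), and the control identifiers in its baselines are placeholders in the style of SP 800-53, not the real catalog.

```python
from dataclasses import dataclass

# Impact levels ordered for the high-water mark comparison.
LEVELS = {"low": 1, "moderate": 2, "high": 3}


@dataclass(frozen=True)
class InformationType:
    """One kind of information the system stores, processes or transmits."""
    name: str
    confidentiality: str
    integrity: str
    availability: str


def categorize(info_types):
    """Step 1 (categorize): the system's impact level is the highest C/I/A
    impact of any information type it handles (FIPS 199 high-water mark;
    an assumption about the method, since the paper does not name it)."""
    worst = "low"
    for it in info_types:
        for level in (it.confidentiality, it.integrity, it.availability):
            if LEVELS[level] > LEVELS[worst]:
                worst = level
    return worst


# Illustrative baselines keyed by impact level. The control ids are
# placeholders in the style of SP 800-53 and are NOT the real catalog.
BASELINES = {
    "low": {"AC-1", "AU-2", "IA-2"},
    "moderate": {"AC-1", "AU-2", "IA-2", "AC-2(1)", "SI-4"},
    "high": {"AC-1", "AU-2", "IA-2", "AC-2(1)", "SI-4", "AU-6(1)", "SC-7(5)"},
}


def select_controls(level, tailored_out=()):
    """Step 2 (select): start from the baseline for the level and tailor it by
    removing controls the organization has justified as not applicable."""
    return BASELINES[level] - set(tailored_out)


def assess(selected, implemented, test_results):
    """Steps 3-4 (implement, assess): a control is satisfied only when it is
    both deployed and its assessment test passed. Returns the open findings."""
    findings = []
    for cid in sorted(selected):
        if not implemented.get(cid, False):
            findings.append((cid, "not implemented"))
        elif not test_results.get(cid, False):
            findings.append((cid, "failed assessment"))
    return findings


def authorize(findings):
    """Step 5 (authorize): in this model the risk is accepted only when no
    findings remain open; a real authorizing official may also accept
    documented residual risk."""
    return len(findings) == 0


def monitor(previous_level, previous_selected, info_types, implemented, test_results):
    """Step 6 (monitor): after a system change, re-run categorize, select and
    assess and report what moved, so the change is documented and reassessed."""
    level = categorize(info_types)
    selected = select_controls(level)
    return {
        "level": level,
        "recategorized": level != previous_level,
        "new_controls": sorted(selected - previous_selected),
        "findings": assess(selected, implemented, test_results),
    }


def run_example():
    """Walk one constructed system through all six steps."""
    info_types = [
        InformationType("public web content", "low", "low", "low"),
        InformationType("customer PII", "moderate", "moderate", "low"),
    ]
    level = categorize(info_types)  # high-water mark gives "moderate"
    selected = select_controls(level)
    # Constructed deployment state: SI-4 never deployed, AU-2 deployed but its test failed.
    implemented = {"AC-1": True, "AU-2": True, "IA-2": True, "AC-2(1)": True}
    tests = {"AC-1": True, "AU-2": False, "IA-2": True, "AC-2(1)": True}
    first_findings = assess(selected, implemented, tests)
    first_decision = authorize(first_findings)  # two open findings, so not authorized
    # Remediate and re-assess: now everything is deployed and passing.
    implemented["SI-4"] = True
    tests.update({"AU-2": True, "SI-4": True})
    second_decision = authorize(assess(selected, implemented, tests))
    # A documented change: the system starts processing payment records with high integrity impact.
    info_types.append(InformationType("payment records", "moderate", "high", "moderate"))
    delta = monitor(level, selected, info_types, implemented, tests)
    return {
        "level": level,
        "first_findings": first_findings,
        "first_decision": first_decision,
        "second_decision": second_decision,
        "delta": delta,
    }


if __name__ == "__main__":
    for key, value in run_example().items():
        print(key, "->", value)
```

The point of the monitor step in this model is that a change in the information the system handles can raise its category, which pulls new controls into the baseline and reopens findings that must be assessed before the authorization still holds.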

An organization uses these steps as a control mechanism and counter-strategy if cybersecurity risks occur. This process reduces the risks and provides the firm with a framework to ensure that the network infrastructure is protected. The table below summarizes the control families, the number of controls, and the number of enhancements, totaling 882. These are the controls and sub-controls of the RMF.


My rationale for organizations using RMF as their program strategy and basis for decisions is that the risk management framework is an essential tool for promoting a secure network infrastructure in different organizations and government agencies. Additionally, it is used to protect them against cybersecurity threats. This implies that when a risk management framework is implemented, the current security program is made more sophisticated, which gradually reduces the risk of attacks on IT infrastructure. We have recently experienced an increase in cyber-attacks due to improvements and enhancements in technology, which means that firms may not know who is targeting them. Furthermore, IT infrastructure should be protected more than physical assets, since in the case of an attack on IT infrastructure the firm is more likely to close down than after physical theft or damage, due to lawsuits, loss of customer loyalty, and a damaged company reputation. This implies that when an organization adopts RMF, it will be prepared for these attacks, and their impacts will be minimal. Some agencies that have adopted RMF include the United States government and the DoD (Department of Defense). (Larkin, P. M., 2017).

Risk management (RM) and enterprise risk management (ERM)

ERM is a process used by an organization to identify, prepare for, and assess hazards, dangers, and disasters, whether symbolic or physical, that may affect the firm's operations. The risk management personnel have to assess the risks related to their firm, analyze them, and decide how to handle them if they occur.

RM, by contrast, is the process of identifying, assessing, and controlling risks to a firm that may affect its income and capital. Some of these risks include natural disasters, financial crises, errors in strategic management, and other legal liabilities. For modern and digital firms, risks related to data and IT are at the top of the priorities. The firm has to identify and control threats to its digital information and infrastructure.

The difference

There are several differences between the two processes, which include the following:

ERM is multidimensional, while RM is one-dimensional. Risk management looks at the severity and impacts of a particular risk that has occurred, while ERM focuses on the impact and probability of the organization being affected by the risk.

RM manages risks independently on an individual basis, where departments analyze the risks without communicating with other departments, leading to more significant risks. In contrast, ERM combines the risks and understands how they depend on each other, helping the management team make decisions and allocate resources to mitigate all risks.

RM is performed on a single unit or department of the business, leading to wasted resources, since it affects a single department and not the entire organization, while ERM views the firm holistically when addressing risks and opportunities. (Meidell, A., & Kaarbøe, K., 2017).




Conclusion

In conclusion, RMF is essential to ensure that organizations are protected against increasing cybersecurity threats. NIST has developed this framework as a flexible, effective, and repeatable approach to protecting essential infrastructure.

This document was written on RMF and not FISMA compliance per the instructions. Also, this was turned in 7 days late. Please ensure you are reading the instructions carefully and reviewing the scoring guide to avoid losing points.

References

Nisula, J. (2018). A risk management framework for a complex adaptive transport system (Doctoral dissertation).

Force, J. T. (2018). Risk Management Framework for Information Systems and Organizations. NIST Special Publication, 800, 37.

Larkin, P. M. (2017). An integrated risk management framework for carbon capture and storage in the Canadian context (Doctoral dissertation, Université d'Ottawa/the University of Ottawa).

Meidell, A., & Kaarbøe, K. (2017). How the enterprise risk management function influences decision-making in the organization: A field study of a large, global oil and gas company. The British Accounting Review, 49(1), 39-55.