Mastering NIST Risk Management Framework (RMF)

سرفصل های دوره

Navigating Federal Standards, Control Implementation, and Continuous Monitoring

1. Foundations of Risk Management

1. Introduction to Organizational Security Risk Management

2. Strategic Governance and Risk Management

3. Risk Types and Risk Handling Strategies

4. Overview of the Risk Management Process

5. Identifying and Categorizing the Risk Environment

6. Risk Assessment

7. Designing for Effective Risk Management

8. Evaluating Candidates for Control

9. Implementing Risk Management Controls

10. Assessment and Effectiveness of Risk Controls

11. Sustainment

12. Evaluation of the Risk Management Function

2. Exploring Risk Management Frameworks

1. Survey of Existing Risk Management Frameworks

2. Making Risk Management Tangible

3. Formal Architectures

4. General Shape of the RMF Process

5. RMF Implementation

6. International Organization Standarts

7. OSI 31000 Implementation Process

8. COSO Enterprise Risk Management Framework

9. Health Information Trust Alliance Common Security Framework

10. NIST SP 800-30 and NIST SP 800-39 Standarts

3. Security Categorization and Frameworks

1. Step 1 - Categorize Information and Information Systems

2. Security Impact Analysis

3. FIPS 199, Standards for Security Categorization of Federal Information + Systems

4. FIPS 199, Standards for Security Categorization of Information Types

5. CNSSI No. 1253, Security Categorization and Control Selection for NSS

6. Implementation of Step 1 Security Categorization

7. Security Categorization from the Organizational Perspective

8. Establish Relationships with Organizational Entities

9. Prepare an Organization-Wide Guidance Program

10. Security Categorization from Management Prospective

11. Preparing for System Security Categorization

12. System Security Categorization Step2 , Step 3 and Step 4

13. Obtain Approval for the System Security Category and Impact Level

4. Security Control Selection and Implementation

1. Step 2 - Select Security Controls

2. Understanding Control Selections

3. Federal Information Processing Standarts

4. Implementation of Step 2 - Select Security Controls

5. Select Initial Security Control Baselines and Minimum Assurance Requirements

6. Apply Scoping Guidance to Initial Baselines

7. Determine Need for Compensating Controls

8. Supplement Security Controls

9. Complete Security Plan

10. Other Control Libraries

5. Security Control Implementation Strategies

1. Step 3 - Implementing Security Controls

2. Implementation of the Security Controls Specified by the Security Plan

3. A System Perspective to Implementation

4. A Management Perspective to Implementation

5. Establishing Effective Security Implementation Through Infrastructure Management

6. Security Implementation Projects and Organization Portfolios

7. Document the Security Control Implementation in the Security Plan

6. Security Control Assessment and Remediation

1. Step 4 - Assess Security Controls

2. Components of Security Control Assessment

3. Control Assessment and the SDLC

4. Ensuring Adequate Control Implementation

5. Assessment Plan Development, Review and Approval

6. Security Control Assessment Procedures and Methodologies

7. Prepare the Security Assessment Report

8. Initial Remedy Actions of Assessments Findings

7. Security Authorization and System Deployment

1. Step 5 - Authorize Preparing the Information System for Use

2. Elements of Risk Management

3. Certification and Accreditation

4. Application of the RMF

5. Security AuthorizationsApprovals to Operate

6. Certification of the Correctness of Security Controls

7. Particular Role of Requirements

8. Preparing the Action Plan

9. Preparing the Security Authorization Package

8. Continuous Security Monitoring and Control Maintenance

1. Step 6 - Monitor Security State

2. Sustaining Effective Risk Monitoring

3. Structuring the Risk-Monitoring Process

4. Sustaining an Ongoing Control-Monitoring Process

5. Establishing a Continuous Control Assessment Process

6. Conducting Continuous Monitoring

7. Quantitative Measurement Considerations

8. Keeping the Control Set Correct over Time

9. Applied NIST Risk Management Framework and Control Evaluation

1. Practical Applications of the NIST Risk Management Framework

2. Certification and Accreditation in the Federal Space

3. The E-Government Act

4. Implementing Information Security Controls and Evaluating the Control Set

139,000 تومان

خرید اشتراک افزودن به سبد خرید

خرید دانلودی فوری

در این روش نیاز به افزودن محصول به سبد خرید و تکمیل اطلاعات نیست و شما پس از وارد کردن ایمیل خود و طی کردن مراحل پرداخت لینک های دریافت محصولات را در ایمیل خود دریافت خواهید کرد.

تولید کننده: Udemy