SlideShare a Scribd company logo

Understanding the Risk Management Framework & (ISC)2 CAP Module 2: Introduction

Donald E. Hester
Donald E. Hester

Part 2 of 15 covering NIST Risk Management Framework (RMF) and (ISC)2 Certified Authorization Professional (CAP).

1 of 49
Download to read offline
What is Security Authorization? Employing an applicable Security Authorization Process Roles and Responsibilities Legal, Regulatory and Other Requirements Common Controls and Control Inheritance Risk Management Framework (RMF) Phases System Development Life Cycle (SDLC)
“Certification and accreditation is the methodology used to ensure that security controls are established for an information system, that these controls are functioning appropriately, and that management has authorized the operation of the system in is current security posture.” - Official (ISC)2 Guide to the CAP CBK (1st ed.)
Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non repudiation. These measures include providing for restoration of information systems by incorporating protection, detection, and reaction capabilities. - CNSS Instruction No. 4009
• Management • Operational • Technical • Implemented correctly • Operating as intended • Producing the desired outcome
official management decision to operate budget and business operations
“The official management decision given by a senior organizational official to authorize operation of an information system and to explicitly accept the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation based on the implementation of an agreed-upon set of security controls.” - NIST SP 800-37 rev 1
Why are Agencies riddled with security holes?
http://gcn.com/articles/2011/07/06/cyber-attacks-take-2-energy-labs-offline.aspx
What are some key factors in creating a successful RMF program?
business enabler
• Need consistent management support • Without management support people will not fulfill their obligations to the project • Without management support you will not have access to needed resources and funding • The Senior Information Security Officer (SISO) can keep the program visible by giving regular updates to c-level management
Reference: http://www.tess-llc.com/Certification%20&%20Accreditation%20PolicyV4.pdf
Life-cycle for the development of the documentation for the RMF process • Awareness • Monitoring • Enforcement • Maintenance • Retirement • Communication • Compliance • Exceptions • Creation • Review • Approval Development Implementation MaintenanceDisposal
Understanding the Risk Management Framework & (ISC)2 CAP Module 2: Introduction
Understanding the Risk Management Framework & (ISC)2 CAP Module 2: Introduction
Understanding the Risk Management Framework & (ISC)2 CAP Module 2: Introduction
Understanding the Risk Management Framework & (ISC)2 CAP Module 2: Introduction
Understanding the Risk Management Framework & (ISC)2 CAP Module 2: Introduction
Understanding the Risk Management Framework & (ISC)2 CAP Module 2: Introduction
Understanding the Risk Management Framework & (ISC)2 CAP Module 2: Introduction
Understanding the Risk Management Framework & (ISC)2 CAP Module 2: Introduction
Understanding the Risk Management Framework & (ISC)2 CAP Module 2: Introduction
Understanding the Risk Management Framework & (ISC)2 CAP Module 2: Introduction
Understanding the Risk Management Framework & (ISC)2 CAP Module 2: Introduction
Understanding the Risk Management Framework & (ISC)2 CAP Module 2: Introduction
Understanding the Risk Management Framework & (ISC)2 CAP Module 2: Introduction

Recommended

Understanding the Risk Management Framework & (ISC)2 CAP Module 1: Exam
Understanding the Risk Management Framework & (ISC)2 CAP Module 1: Exam Understanding the Risk Management Framework & (ISC)2 CAP Module 1: Exam
Understanding the Risk Management Framework & (ISC)2 CAP Module 1: Exam
Donald E. Hester
 
RMF Roles and Responsibilities (Part 1)
RMF Roles and Responsibilities (Part 1) RMF Roles and Responsibilities (Part 1)
RMF Roles and Responsibilities (Part 1)
Donald E. Hester
 
Understanding the NIST Risk Management Framework: 800-37 Rev. 2
Understanding the NIST Risk Management Framework: 800-37 Rev. 2Understanding the NIST Risk Management Framework: 800-37 Rev. 2
Understanding the NIST Risk Management Framework: 800-37 Rev. 2
Denise Tawwab
 
NIST presentation on RMF 2.0 / SP 800-37 rev. 2
NIST presentation on RMF 2.0 / SP 800-37 rev. 2NIST presentation on RMF 2.0 / SP 800-37 rev. 2
NIST presentation on RMF 2.0 / SP 800-37 rev. 2
NetLockSmith
 
DSS RMF Training.pptx
DSS RMF Training.pptxDSS RMF Training.pptx
DSS RMF Training.pptx
Muhammad Mazhar
 
NIST 800-37 Certification & Accreditation Process
NIST 800-37 Certification & Accreditation ProcessNIST 800-37 Certification & Accreditation Process
NIST 800-37 Certification & Accreditation Process
timmcguinness
 
NIST Risk Management Framework (RMF)
NIST Risk Management Framework (RMF)NIST Risk Management Framework (RMF)
NIST Risk Management Framework (RMF)
James W. De Rienzo
 
Risk Management Framework (RMF) STEP 4- Access Security Controls - NIST SP 80...
Risk Management Framework (RMF) STEP 4- Access Security Controls - NIST SP 80...Risk Management Framework (RMF) STEP 4- Access Security Controls - NIST SP 80...
Risk Management Framework (RMF) STEP 4- Access Security Controls - NIST SP 80...
James W. De Rienzo
 

Recommended

Understanding the Risk Management Framework & (ISC)2 CAP Module 1: Exam
Understanding the Risk Management Framework & (ISC)2 CAP Module 1: Exam Understanding the Risk Management Framework & (ISC)2 CAP Module 1: Exam
Understanding the Risk Management Framework & (ISC)2 CAP Module 1: Exam
Donald E. Hester
 
RMF Roles and Responsibilities (Part 1)
RMF Roles and Responsibilities (Part 1) RMF Roles and Responsibilities (Part 1)
RMF Roles and Responsibilities (Part 1)
Donald E. Hester
 
Understanding the NIST Risk Management Framework: 800-37 Rev. 2
Understanding the NIST Risk Management Framework: 800-37 Rev. 2Understanding the NIST Risk Management Framework: 800-37 Rev. 2
Understanding the NIST Risk Management Framework: 800-37 Rev. 2
Denise Tawwab
 
NIST presentation on RMF 2.0 / SP 800-37 rev. 2
NIST presentation on RMF 2.0 / SP 800-37 rev. 2NIST presentation on RMF 2.0 / SP 800-37 rev. 2
NIST presentation on RMF 2.0 / SP 800-37 rev. 2
NetLockSmith
 
DSS RMF Training.pptx
DSS RMF Training.pptxDSS RMF Training.pptx
DSS RMF Training.pptx
Muhammad Mazhar
 
NIST 800-37 Certification & Accreditation Process
NIST 800-37 Certification & Accreditation ProcessNIST 800-37 Certification & Accreditation Process
NIST 800-37 Certification & Accreditation Process
timmcguinness
 
NIST Risk Management Framework (RMF)
NIST Risk Management Framework (RMF)NIST Risk Management Framework (RMF)
NIST Risk Management Framework (RMF)
James W. De Rienzo
 
Risk Management Framework (RMF) STEP 4- Access Security Controls - NIST SP 80...
Risk Management Framework (RMF) STEP 4- Access Security Controls - NIST SP 80...Risk Management Framework (RMF) STEP 4- Access Security Controls - NIST SP 80...
Risk Management Framework (RMF) STEP 4- Access Security Controls - NIST SP 80...
James W. De Rienzo
 
PECB Webinar: Aligning ISO 31000 and Management of Risk Methodology
PECB Webinar: Aligning ISO 31000 and Management of Risk MethodologyPECB Webinar: Aligning ISO 31000 and Management of Risk Methodology
PECB Webinar: Aligning ISO 31000 and Management of Risk Methodology
PECB
 
Infosec Audit Lecture_4
Infosec Audit Lecture_4Infosec Audit Lecture_4
Infosec Audit Lecture_4Obrina Candra, CISA, ISMS-LA
 
Introduction to NIST’s Risk Management Framework (RMF)
Introduction to NIST’s Risk Management Framework (RMF)Introduction to NIST’s Risk Management Framework (RMF)
Introduction to NIST’s Risk Management Framework (RMF)
Donald E. Hester
 
What is ISO 27001 ISMS
What is ISO 27001 ISMSWhat is ISO 27001 ISMS
What is ISO 27001 ISMS
Business Beam
 
ISO 27001 How to use the ISMS Implementation Toolkit.pdf
ISO 27001 How to use the ISMS Implementation Toolkit.pdfISO 27001 How to use the ISMS Implementation Toolkit.pdf
ISO 27001 How to use the ISMS Implementation Toolkit.pdf
Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
Introduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkIntroduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security Framework
PECB
 
Risk Assessment Process NIST 800-30
Risk Assessment Process NIST 800-30Risk Assessment Process NIST 800-30
Risk Assessment Process NIST 800-30
timmcguinness
 
Guide to Risk Management Framework (RMF)
Guide to Risk Management Framework (RMF)Guide to Risk Management Framework (RMF)
Guide to Risk Management Framework (RMF)
MetroStar
 
NIST Critical Security Framework (CSF)
NIST Critical Security Framework (CSF) NIST Critical Security Framework (CSF)
NIST Critical Security Framework (CSF)
Priyanka Aash
 
Effective Cyber Defense Using CIS Critical Security Controls
Effective Cyber Defense Using CIS Critical Security ControlsEffective Cyber Defense Using CIS Critical Security Controls
Effective Cyber Defense Using CIS Critical Security Controls
BSides Delhi
 
LA NORMA ISO 27001
LA NORMA ISO 27001LA NORMA ISO 27001
LA NORMA ISO 27001
Audit in Italy
 
NIST Cybersecurity Framework Intro for ISACA Richmond Chapter
NIST Cybersecurity Framework Intro for ISACA Richmond ChapterNIST Cybersecurity Framework Intro for ISACA Richmond Chapter
NIST Cybersecurity Framework Intro for ISACA Richmond Chapter
Tuan Phan
 
NIST SP 800 30 Flow Chart
NIST SP 800 30 Flow ChartNIST SP 800 30 Flow Chart
NIST SP 800 30 Flow Chart
James W. De Rienzo
 
Iso27001- Nashwan Mustafa
Iso27001- Nashwan MustafaIso27001- Nashwan Mustafa
Iso27001- Nashwan Mustafa
Fahmi Albaheth
 
Cybersecurity Frameworks for DMZCON23 230905.pdf
Cybersecurity Frameworks for DMZCON23 230905.pdfCybersecurity Frameworks for DMZCON23 230905.pdf
Cybersecurity Frameworks for DMZCON23 230905.pdf
Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
CISSP-Certified.pptx
CISSP-Certified.pptxCISSP-Certified.pptx
CISSP-Certified.pptx
ssuser645549
 
Control Self Assessment
Control Self AssessmentControl Self Assessment
Control Self Assessment
Manoj Agarwal
 
ISMS Part I
ISMS Part IISMS Part I
ISMS Part I
khushboo
 
Best Practices in Auditing ISO/IEC 27001
Best Practices in Auditing ISO/IEC 27001Best Practices in Auditing ISO/IEC 27001
Best Practices in Auditing ISO/IEC 27001
PECB
 
ISO 27001 checklist - Leadership and Commitment - clause 5.1 - 70 checklist Q...
ISO 27001 checklist - Leadership and Commitment - clause 5.1 - 70 checklist Q...ISO 27001 checklist - Leadership and Commitment - clause 5.1 - 70 checklist Q...
ISO 27001 checklist - Leadership and Commitment - clause 5.1 - 70 checklist Q...
himalya sharma
 
R.a 1
R.a 1R.a 1
R.a 1jenito21
 
Risk Assessment
Risk AssessmentRisk Assessment
Risk Assessmentjenito21
 

More Related Content

What's hot

PECB Webinar: Aligning ISO 31000 and Management of Risk Methodology
PECB Webinar: Aligning ISO 31000 and Management of Risk MethodologyPECB Webinar: Aligning ISO 31000 and Management of Risk Methodology
PECB Webinar: Aligning ISO 31000 and Management of Risk Methodology
PECB
 
Introduction to NIST’s Risk Management Framework (RMF)
Introduction to NIST’s Risk Management Framework (RMF)Introduction to NIST’s Risk Management Framework (RMF)
Introduction to NIST’s Risk Management Framework (RMF)
Donald E. Hester
 
What is ISO 27001 ISMS
What is ISO 27001 ISMSWhat is ISO 27001 ISMS
What is ISO 27001 ISMS
Business Beam
 
ISO 27001 How to use the ISMS Implementation Toolkit.pdf
ISO 27001 How to use the ISMS Implementation Toolkit.pdfISO 27001 How to use the ISMS Implementation Toolkit.pdf
ISO 27001 How to use the ISMS Implementation Toolkit.pdf
Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
Introduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkIntroduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security Framework
PECB
 
Risk Assessment Process NIST 800-30
Risk Assessment Process NIST 800-30Risk Assessment Process NIST 800-30
Risk Assessment Process NIST 800-30
timmcguinness
 
Guide to Risk Management Framework (RMF)
Guide to Risk Management Framework (RMF)Guide to Risk Management Framework (RMF)
Guide to Risk Management Framework (RMF)
MetroStar
 
NIST Critical Security Framework (CSF)
NIST Critical Security Framework (CSF) NIST Critical Security Framework (CSF)
NIST Critical Security Framework (CSF)
Priyanka Aash
 
Effective Cyber Defense Using CIS Critical Security Controls
Effective Cyber Defense Using CIS Critical Security ControlsEffective Cyber Defense Using CIS Critical Security Controls
Effective Cyber Defense Using CIS Critical Security Controls
BSides Delhi
 
LA NORMA ISO 27001
LA NORMA ISO 27001LA NORMA ISO 27001
LA NORMA ISO 27001
Audit in Italy
 
NIST Cybersecurity Framework Intro for ISACA Richmond Chapter
NIST Cybersecurity Framework Intro for ISACA Richmond ChapterNIST Cybersecurity Framework Intro for ISACA Richmond Chapter
NIST Cybersecurity Framework Intro for ISACA Richmond Chapter
Tuan Phan
 
NIST SP 800 30 Flow Chart
NIST SP 800 30 Flow ChartNIST SP 800 30 Flow Chart
NIST SP 800 30 Flow Chart
James W. De Rienzo
 
Iso27001- Nashwan Mustafa
Iso27001- Nashwan MustafaIso27001- Nashwan Mustafa
Iso27001- Nashwan Mustafa
Fahmi Albaheth
 
Cybersecurity Frameworks for DMZCON23 230905.pdf
Cybersecurity Frameworks for DMZCON23 230905.pdfCybersecurity Frameworks for DMZCON23 230905.pdf
Cybersecurity Frameworks for DMZCON23 230905.pdf
Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
CISSP-Certified.pptx
CISSP-Certified.pptxCISSP-Certified.pptx
CISSP-Certified.pptx
ssuser645549
 
Control Self Assessment
Control Self AssessmentControl Self Assessment
Control Self Assessment
Manoj Agarwal
 
ISMS Part I
ISMS Part IISMS Part I
ISMS Part I
khushboo
 
Best Practices in Auditing ISO/IEC 27001
Best Practices in Auditing ISO/IEC 27001Best Practices in Auditing ISO/IEC 27001
Best Practices in Auditing ISO/IEC 27001
PECB
 
ISO 27001 checklist - Leadership and Commitment - clause 5.1 - 70 checklist Q...
ISO 27001 checklist - Leadership and Commitment - clause 5.1 - 70 checklist Q...ISO 27001 checklist - Leadership and Commitment - clause 5.1 - 70 checklist Q...
ISO 27001 checklist - Leadership and Commitment - clause 5.1 - 70 checklist Q...
himalya sharma
 

What's hot (20)

PECB Webinar: Aligning ISO 31000 and Management of Risk Methodology
PECB Webinar: Aligning ISO 31000 and Management of Risk MethodologyPECB Webinar: Aligning ISO 31000 and Management of Risk Methodology
PECB Webinar: Aligning ISO 31000 and Management of Risk Methodology
 
Infosec Audit Lecture_4
Infosec Audit Lecture_4Infosec Audit Lecture_4
Infosec Audit Lecture_4
 
Introduction to NIST’s Risk Management Framework (RMF)
Introduction to NIST’s Risk Management Framework (RMF)Introduction to NIST’s Risk Management Framework (RMF)
Introduction to NIST’s Risk Management Framework (RMF)
 
What is ISO 27001 ISMS
What is ISO 27001 ISMSWhat is ISO 27001 ISMS
What is ISO 27001 ISMS
 
ISO 27001 How to use the ISMS Implementation Toolkit.pdf
ISO 27001 How to use the ISMS Implementation Toolkit.pdfISO 27001 How to use the ISMS Implementation Toolkit.pdf
ISO 27001 How to use the ISMS Implementation Toolkit.pdf
 
Introduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkIntroduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security Framework
 
Risk Assessment Process NIST 800-30
Risk Assessment Process NIST 800-30Risk Assessment Process NIST 800-30
Risk Assessment Process NIST 800-30
 
Guide to Risk Management Framework (RMF)
Guide to Risk Management Framework (RMF)Guide to Risk Management Framework (RMF)
Guide to Risk Management Framework (RMF)
 
NIST Critical Security Framework (CSF)
NIST Critical Security Framework (CSF) NIST Critical Security Framework (CSF)
NIST Critical Security Framework (CSF)
 
Effective Cyber Defense Using CIS Critical Security Controls
Effective Cyber Defense Using CIS Critical Security ControlsEffective Cyber Defense Using CIS Critical Security Controls
Effective Cyber Defense Using CIS Critical Security Controls
 
LA NORMA ISO 27001
LA NORMA ISO 27001LA NORMA ISO 27001
LA NORMA ISO 27001
 
NIST Cybersecurity Framework Intro for ISACA Richmond Chapter
NIST Cybersecurity Framework Intro for ISACA Richmond ChapterNIST Cybersecurity Framework Intro for ISACA Richmond Chapter
NIST Cybersecurity Framework Intro for ISACA Richmond Chapter
 
NIST SP 800 30 Flow Chart
NIST SP 800 30 Flow ChartNIST SP 800 30 Flow Chart
NIST SP 800 30 Flow Chart
 
Iso27001- Nashwan Mustafa
Iso27001- Nashwan MustafaIso27001- Nashwan Mustafa
Iso27001- Nashwan Mustafa
 
Cybersecurity Frameworks for DMZCON23 230905.pdf
Cybersecurity Frameworks for DMZCON23 230905.pdfCybersecurity Frameworks for DMZCON23 230905.pdf
Cybersecurity Frameworks for DMZCON23 230905.pdf
 
CISSP-Certified.pptx
CISSP-Certified.pptxCISSP-Certified.pptx
CISSP-Certified.pptx
 
Control Self Assessment
Control Self AssessmentControl Self Assessment
Control Self Assessment
 
ISMS Part I
ISMS Part IISMS Part I
ISMS Part I
 
Best Practices in Auditing ISO/IEC 27001
Best Practices in Auditing ISO/IEC 27001Best Practices in Auditing ISO/IEC 27001
Best Practices in Auditing ISO/IEC 27001
 
ISO 27001 checklist - Leadership and Commitment - clause 5.1 - 70 checklist Q...
ISO 27001 checklist - Leadership and Commitment - clause 5.1 - 70 checklist Q...ISO 27001 checklist - Leadership and Commitment - clause 5.1 - 70 checklist Q...
ISO 27001 checklist - Leadership and Commitment - clause 5.1 - 70 checklist Q...
 

Similar to Understanding the Risk Management Framework & (ISC)2 CAP Module 2: Introduction

Risk Assessment
Risk AssessmentRisk Assessment
Risk Assessmentjenito21
 
L1_Introduction.pptx
L1_Introduction.pptxL1_Introduction.pptx
L1_Introduction.pptx
StevenTharp2
 
5757912.ppt
5757912.ppt5757912.ppt
5757912.ppt
Muhammad Mazhar
 
Information Security
Information SecurityInformation Security
Information Securitychenpingling
 
Controls in Audit.pptx
Controls in Audit.pptxControls in Audit.pptx
Controls in Audit.pptx
HardikKundra
 
ISACA Cybersecurity Audit course brochure
ISACA Cybersecurity Audit course brochureISACA Cybersecurity Audit course brochure
ISACA Cybersecurity Audit course brochure
Thilak Pathirage -Senior IT Gov and Risk Consultant
 
A Monitor System in Data Redundancy in Information System
A Monitor System in Data Redundancy in Information SystemA Monitor System in Data Redundancy in Information System
A Monitor System in Data Redundancy in Information System
ijsrd.com
 
800-37.pptx
800-37.pptx800-37.pptx
800-37.pptx
AvniJain836319
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 9: Assess Con...
Understanding the Risk Management Framework & (ISC)2 CAP Module 9: Assess Con...Understanding the Risk Management Framework & (ISC)2 CAP Module 9: Assess Con...
Understanding the Risk Management Framework & (ISC)2 CAP Module 9: Assess Con...
Donald E. Hester
 
1 info sec+risk-mgmt
1 info sec+risk-mgmt1 info sec+risk-mgmt
1 info sec+risk-mgmt
madunix
 
CCISO_Certification_Training_Course-Outline.pdf
CCISO_Certification_Training_Course-Outline.pdfCCISO_Certification_Training_Course-Outline.pdf
CCISO_Certification_Training_Course-Outline.pdf
priyanshamadhwal2
 
Shivani shukla_B38_KnowledgeManagement
Shivani shukla_B38_KnowledgeManagementShivani shukla_B38_KnowledgeManagement
Shivani shukla_B38_KnowledgeManagement
shivanishuks
 
Risk Assessment Famework
Risk Assessment FameworkRisk Assessment Famework
Risk Assessment Fameworklneut03
 
4 Operations Security
4 Operations Security4 Operations Security
4 Operations Security
Alfred Ouyang
 
Six Keys to Securing Critical Infrastructure and NERC Compliance
Six Keys to Securing Critical Infrastructure and NERC ComplianceSix Keys to Securing Critical Infrastructure and NERC Compliance
Six Keys to Securing Critical Infrastructure and NERC Compliance
Lumension
 
2. Improving an Existing Sec Sys
2. Improving an Existing Sec Sys2. Improving an Existing Sec Sys
2. Improving an Existing Sec SysMicheal Isreal
 
Solve the exercise in security management.pdf
Solve the exercise in security management.pdfSolve the exercise in security management.pdf
Solve the exercise in security management.pdf
sdfghj21
 
In what ways do you think the Elaboration Likelihood Model applies.docx
In what ways do you think the Elaboration Likelihood Model applies.docxIn what ways do you think the Elaboration Likelihood Model applies.docx
In what ways do you think the Elaboration Likelihood Model applies.docx
jaggernaoma
 
BLE 1213 MUST.pptx- basics principles of Physical Security
BLE 1213 MUST.pptx- basics principles of Physical SecurityBLE 1213 MUST.pptx- basics principles of Physical Security
BLE 1213 MUST.pptx- basics principles of Physical Security
Major K. Subramaniam Kmaravehlu
 

Similar to Understanding the Risk Management Framework & (ISC)2 CAP Module 2: Introduction (20)

R.a 1
R.a 1R.a 1
R.a 1
 
Risk Assessment
Risk AssessmentRisk Assessment
Risk Assessment
 
L1_Introduction.pptx
L1_Introduction.pptxL1_Introduction.pptx
L1_Introduction.pptx
 
5757912.ppt
5757912.ppt5757912.ppt
5757912.ppt
 
Information Security
Information SecurityInformation Security
Information Security
 
Controls in Audit.pptx
Controls in Audit.pptxControls in Audit.pptx
Controls in Audit.pptx
 
ISACA Cybersecurity Audit course brochure
ISACA Cybersecurity Audit course brochureISACA Cybersecurity Audit course brochure
ISACA Cybersecurity Audit course brochure
 
A Monitor System in Data Redundancy in Information System
A Monitor System in Data Redundancy in Information SystemA Monitor System in Data Redundancy in Information System
A Monitor System in Data Redundancy in Information System
 
800-37.pptx
800-37.pptx800-37.pptx
800-37.pptx
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 9: Assess Con...
Understanding the Risk Management Framework & (ISC)2 CAP Module 9: Assess Con...Understanding the Risk Management Framework & (ISC)2 CAP Module 9: Assess Con...
Understanding the Risk Management Framework & (ISC)2 CAP Module 9: Assess Con...
 
1 info sec+risk-mgmt
1 info sec+risk-mgmt1 info sec+risk-mgmt
1 info sec+risk-mgmt
 
CCISO_Certification_Training_Course-Outline.pdf
CCISO_Certification_Training_Course-Outline.pdfCCISO_Certification_Training_Course-Outline.pdf
CCISO_Certification_Training_Course-Outline.pdf
 
Shivani shukla_B38_KnowledgeManagement
Shivani shukla_B38_KnowledgeManagementShivani shukla_B38_KnowledgeManagement
Shivani shukla_B38_KnowledgeManagement
 
Risk Assessment Famework
Risk Assessment FameworkRisk Assessment Famework
Risk Assessment Famework
 
4 Operations Security
4 Operations Security4 Operations Security
4 Operations Security
 
Six Keys to Securing Critical Infrastructure and NERC Compliance
Six Keys to Securing Critical Infrastructure and NERC ComplianceSix Keys to Securing Critical Infrastructure and NERC Compliance
Six Keys to Securing Critical Infrastructure and NERC Compliance
 
2. Improving an Existing Sec Sys
2. Improving an Existing Sec Sys2. Improving an Existing Sec Sys
2. Improving an Existing Sec Sys
 
Solve the exercise in security management.pdf
Solve the exercise in security management.pdfSolve the exercise in security management.pdf
Solve the exercise in security management.pdf
 
In what ways do you think the Elaboration Likelihood Model applies.docx
In what ways do you think the Elaboration Likelihood Model applies.docxIn what ways do you think the Elaboration Likelihood Model applies.docx
In what ways do you think the Elaboration Likelihood Model applies.docx
 
BLE 1213 MUST.pptx- basics principles of Physical Security
BLE 1213 MUST.pptx- basics principles of Physical SecurityBLE 1213 MUST.pptx- basics principles of Physical Security
BLE 1213 MUST.pptx- basics principles of Physical Security
 

More from Donald E. Hester

Cybersecurity for Local Gov for SAMFOG
Cybersecurity for Local Gov for SAMFOGCybersecurity for Local Gov for SAMFOG
Cybersecurity for Local Gov for SAMFOG
Donald E. Hester
 
2017 IT Control Environment for Local Gov
2017 IT Control Environment for Local Gov2017 IT Control Environment for Local Gov
2017 IT Control Environment for Local Gov
Donald E. Hester
 
What you Need To Know About Ransomware
What you Need To Know About RansomwareWhat you Need To Know About Ransomware
What you Need To Know About Ransomware
Donald E. Hester
 
CNT 54 Administering Windows Client
CNT 54 Administering Windows ClientCNT 54 Administering Windows Client
CNT 54 Administering Windows Client
Donald E. Hester
 
2016 Maze Live Fraud Environment
2016 Maze Live Fraud Environment2016 Maze Live Fraud Environment
2016 Maze Live Fraud Environment
Donald E. Hester
 
2016 Maze Live Changes in Grant Management and How to Prepare for the Single ...
2016 Maze Live Changes in Grant Management and How to Prepare for the Single ...2016 Maze Live Changes in Grant Management and How to Prepare for the Single ...
2016 Maze Live Changes in Grant Management and How to Prepare for the Single ...
Donald E. Hester
 
2016 Maze Live Cyber-security for Local Governments
2016 Maze Live Cyber-security for Local Governments2016 Maze Live Cyber-security for Local Governments
2016 Maze Live Cyber-security for Local Governments
Donald E. Hester
 
GASB 68 and 71 Planning for the Second Year
GASB 68 and 71 Planning for the Second YearGASB 68 and 71 Planning for the Second Year
GASB 68 and 71 Planning for the Second Year
Donald E. Hester
 
Implementing GASB 72: Fair Value Measurement and Application
Implementing GASB 72: Fair Value Measurement and ApplicationImplementing GASB 72: Fair Value Measurement and Application
Implementing GASB 72: Fair Value Measurement and Application
Donald E. Hester
 
2016 Maze Live 1 GASB update
2016 Maze Live 1 GASB update2016 Maze Live 1 GASB update
2016 Maze Live 1 GASB update
Donald E. Hester
 
Cyber Security for Local Gov SAMFOG
Cyber Security for Local Gov SAMFOGCyber Security for Local Gov SAMFOG
Cyber Security for Local Gov SAMFOG
Donald E. Hester
 
Annual Maze Live Event 2016 – GASB Updates & Best Practices
Annual Maze Live Event 2016 – GASB Updates & Best Practices Annual Maze Live Event 2016 – GASB Updates & Best Practices
Annual Maze Live Event 2016 – GASB Updates & Best Practices
Donald E. Hester
 
Payment Card Cashiering for Local Governments 2016
Payment Card Cashiering for Local Governments 2016Payment Card Cashiering for Local Governments 2016
Payment Card Cashiering for Local Governments 2016
Donald E. Hester
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 10: Authorize
Understanding the Risk Management Framework & (ISC)2 CAP Module 10: Authorize Understanding the Risk Management Framework & (ISC)2 CAP Module 10: Authorize
Understanding the Risk Management Framework & (ISC)2 CAP Module 10: Authorize
Donald E. Hester
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 15: Incident ...
Understanding the Risk Management Framework & (ISC)2 CAP Module 15: Incident ...Understanding the Risk Management Framework & (ISC)2 CAP Module 15: Incident ...
Understanding the Risk Management Framework & (ISC)2 CAP Module 15: Incident ...
Donald E. Hester
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 14: Security ...
Understanding the Risk Management Framework & (ISC)2 CAP Module 14: Security ...Understanding the Risk Management Framework & (ISC)2 CAP Module 14: Security ...
Understanding the Risk Management Framework & (ISC)2 CAP Module 14: Security ...
Donald E. Hester
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 13: Contingen...
Understanding the Risk Management Framework & (ISC)2 CAP Module 13: Contingen...Understanding the Risk Management Framework & (ISC)2 CAP Module 13: Contingen...
Understanding the Risk Management Framework & (ISC)2 CAP Module 13: Contingen...
Donald E. Hester
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 11: Monitor
Understanding the Risk Management Framework & (ISC)2 CAP Module 11: MonitorUnderstanding the Risk Management Framework & (ISC)2 CAP Module 11: Monitor
Understanding the Risk Management Framework & (ISC)2 CAP Module 11: Monitor
Donald E. Hester
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 12: Cloud Com...
Understanding the Risk Management Framework & (ISC)2 CAP Module 12: Cloud Com...Understanding the Risk Management Framework & (ISC)2 CAP Module 12: Cloud Com...
Understanding the Risk Management Framework & (ISC)2 CAP Module 12: Cloud Com...
Donald E. Hester
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 8: Implement ...
Understanding the Risk Management Framework & (ISC)2 CAP Module 8: Implement ...Understanding the Risk Management Framework & (ISC)2 CAP Module 8: Implement ...
Understanding the Risk Management Framework & (ISC)2 CAP Module 8: Implement ...
Donald E. Hester
 

More from Donald E. Hester (20)

Cybersecurity for Local Gov for SAMFOG
Cybersecurity for Local Gov for SAMFOGCybersecurity for Local Gov for SAMFOG
Cybersecurity for Local Gov for SAMFOG
 
2017 IT Control Environment for Local Gov
2017 IT Control Environment for Local Gov2017 IT Control Environment for Local Gov
2017 IT Control Environment for Local Gov
 
What you Need To Know About Ransomware
What you Need To Know About RansomwareWhat you Need To Know About Ransomware
What you Need To Know About Ransomware
 
CNT 54 Administering Windows Client
CNT 54 Administering Windows ClientCNT 54 Administering Windows Client
CNT 54 Administering Windows Client
 
2016 Maze Live Fraud Environment
2016 Maze Live Fraud Environment2016 Maze Live Fraud Environment
2016 Maze Live Fraud Environment
 
2016 Maze Live Changes in Grant Management and How to Prepare for the Single ...
2016 Maze Live Changes in Grant Management and How to Prepare for the Single ...2016 Maze Live Changes in Grant Management and How to Prepare for the Single ...
2016 Maze Live Changes in Grant Management and How to Prepare for the Single ...
 
2016 Maze Live Cyber-security for Local Governments
2016 Maze Live Cyber-security for Local Governments2016 Maze Live Cyber-security for Local Governments
2016 Maze Live Cyber-security for Local Governments
 
GASB 68 and 71 Planning for the Second Year
GASB 68 and 71 Planning for the Second YearGASB 68 and 71 Planning for the Second Year
GASB 68 and 71 Planning for the Second Year
 
Implementing GASB 72: Fair Value Measurement and Application
Implementing GASB 72: Fair Value Measurement and ApplicationImplementing GASB 72: Fair Value Measurement and Application
Implementing GASB 72: Fair Value Measurement and Application
 
2016 Maze Live 1 GASB update
2016 Maze Live 1 GASB update2016 Maze Live 1 GASB update
2016 Maze Live 1 GASB update
 
Cyber Security for Local Gov SAMFOG
Cyber Security for Local Gov SAMFOGCyber Security for Local Gov SAMFOG
Cyber Security for Local Gov SAMFOG
 
Annual Maze Live Event 2016 – GASB Updates & Best Practices
Annual Maze Live Event 2016 – GASB Updates & Best Practices Annual Maze Live Event 2016 – GASB Updates & Best Practices
Annual Maze Live Event 2016 – GASB Updates & Best Practices
 
Payment Card Cashiering for Local Governments 2016
Payment Card Cashiering for Local Governments 2016Payment Card Cashiering for Local Governments 2016
Payment Card Cashiering for Local Governments 2016
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 10: Authorize
Understanding the Risk Management Framework & (ISC)2 CAP Module 10: Authorize Understanding the Risk Management Framework & (ISC)2 CAP Module 10: Authorize
Understanding the Risk Management Framework & (ISC)2 CAP Module 10: Authorize
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 15: Incident ...
Understanding the Risk Management Framework & (ISC)2 CAP Module 15: Incident ...Understanding the Risk Management Framework & (ISC)2 CAP Module 15: Incident ...
Understanding the Risk Management Framework & (ISC)2 CAP Module 15: Incident ...
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 14: Security ...
Understanding the Risk Management Framework & (ISC)2 CAP Module 14: Security ...Understanding the Risk Management Framework & (ISC)2 CAP Module 14: Security ...
Understanding the Risk Management Framework & (ISC)2 CAP Module 14: Security ...
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 13: Contingen...
Understanding the Risk Management Framework & (ISC)2 CAP Module 13: Contingen...Understanding the Risk Management Framework & (ISC)2 CAP Module 13: Contingen...
Understanding the Risk Management Framework & (ISC)2 CAP Module 13: Contingen...
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 11: Monitor
Understanding the Risk Management Framework & (ISC)2 CAP Module 11: MonitorUnderstanding the Risk Management Framework & (ISC)2 CAP Module 11: Monitor
Understanding the Risk Management Framework & (ISC)2 CAP Module 11: Monitor
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 12: Cloud Com...
Understanding the Risk Management Framework & (ISC)2 CAP Module 12: Cloud Com...Understanding the Risk Management Framework & (ISC)2 CAP Module 12: Cloud Com...
Understanding the Risk Management Framework & (ISC)2 CAP Module 12: Cloud Com...
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 8: Implement ...
Understanding the Risk Management Framework & (ISC)2 CAP Module 8: Implement ...Understanding the Risk Management Framework & (ISC)2 CAP Module 8: Implement ...
Understanding the Risk Management Framework & (ISC)2 CAP Module 8: Implement ...
 

Recently uploaded

The Role of a Process Server in real estate
The Role of a Process Server in real estateThe Role of a Process Server in real estate
The Role of a Process Server in real estate
oklahomajudicialproc1
 
2024: The FAR - Federal Acquisition Regulations, Part 37
2024: The FAR - Federal Acquisition Regulations, Part 372024: The FAR - Federal Acquisition Regulations, Part 37
2024: The FAR - Federal Acquisition Regulations, Part 37
JSchaus & Associates
 
NHAI_Under_Implementation_01-05-2024.pdf
NHAI_Under_Implementation_01-05-2024.pdfNHAI_Under_Implementation_01-05-2024.pdf
NHAI_Under_Implementation_01-05-2024.pdf
AjayVejendla3
 
一比一原版(UOW毕业证)伍伦贡大学毕业证成绩单
一比一原版(UOW毕业证)伍伦贡大学毕业证成绩单一比一原版(UOW毕业证)伍伦贡大学毕业证成绩单
一比一原版(UOW毕业证)伍伦贡大学毕业证成绩单
ehbuaw
 
Effects of Extreme Temperatures From Climate Change on the Medicare Populatio...
Effects of Extreme Temperatures From Climate Change on the Medicare Populatio...Effects of Extreme Temperatures From Climate Change on the Medicare Populatio...
Effects of Extreme Temperatures From Climate Change on the Medicare Populatio...
Congressional Budget Office
 
PPT Item # 9 - 2024 Street Maintenance Program(SMP) Amendment
PPT Item # 9 - 2024 Street Maintenance Program(SMP) AmendmentPPT Item # 9 - 2024 Street Maintenance Program(SMP) Amendment
PPT Item # 9 - 2024 Street Maintenance Program(SMP) Amendment
ahcitycouncil
 
快速制作(ocad毕业证书)加拿大安大略艺术设计学院毕业证本科学历雅思成绩单原版一模一样
快速制作(ocad毕业证书)加拿大安大略艺术设计学院毕业证本科学历雅思成绩单原版一模一样快速制作(ocad毕业证书)加拿大安大略艺术设计学院毕业证本科学历雅思成绩单原版一模一样
快速制作(ocad毕业证书)加拿大安大略艺术设计学院毕业证本科学历雅思成绩单原版一模一样
850fcj96
 
如何办理(uoit毕业证书)加拿大安大略理工大学毕业证文凭证书录取通知原版一模一样
如何办理(uoit毕业证书)加拿大安大略理工大学毕业证文凭证书录取通知原版一模一样如何办理(uoit毕业证书)加拿大安大略理工大学毕业证文凭证书录取通知原版一模一样
如何办理(uoit毕业证书)加拿大安大略理工大学毕业证文凭证书录取通知原版一模一样
850fcj96
 
一比一原版(Adelaide毕业证)阿德莱德大学毕业证成绩单
一比一原版(Adelaide毕业证)阿德莱德大学毕业证成绩单一比一原版(Adelaide毕业证)阿德莱德大学毕业证成绩单
一比一原版(Adelaide毕业证)阿德莱德大学毕业证成绩单
ehbuaw
 
PD-1602-as-amended-by-RA-9287-Anti-Illegal-Gambling-Law.pptx
PD-1602-as-amended-by-RA-9287-Anti-Illegal-Gambling-Law.pptxPD-1602-as-amended-by-RA-9287-Anti-Illegal-Gambling-Law.pptx
PD-1602-as-amended-by-RA-9287-Anti-Illegal-Gambling-Law.pptx
RIDPRO11
 
一比一原版(ANU毕业证)澳大利亚国立大学毕业证成绩单
一比一原版(ANU毕业证)澳大利亚国立大学毕业证成绩单一比一原版(ANU毕业证)澳大利亚国立大学毕业证成绩单
一比一原版(ANU毕业证)澳大利亚国立大学毕业证成绩单
ehbuaw
 
PPT Item # 8 - Tuxedo Columbine 3way Stop
PPT Item # 8 - Tuxedo Columbine 3way StopPPT Item # 8 - Tuxedo Columbine 3way Stop
PPT Item # 8 - Tuxedo Columbine 3way Stop
ahcitycouncil
 
Russian anarchist and anti-war movement in the third year of full-scale war
Russian anarchist and anti-war movement in the third year of full-scale warRussian anarchist and anti-war movement in the third year of full-scale war
Russian anarchist and anti-war movement in the third year of full-scale war
Antti Rautiainen
 
PACT launching workshop presentation-Final.pdf
PACT launching workshop presentation-Final.pdfPACT launching workshop presentation-Final.pdf
PACT launching workshop presentation-Final.pdf
Mohammed325561
 
PPT Item # 6 - 7001 Broadway ARB Case # 933F
PPT Item # 6 - 7001 Broadway ARB Case # 933FPPT Item # 6 - 7001 Broadway ARB Case # 933F
PPT Item # 6 - 7001 Broadway ARB Case # 933F
ahcitycouncil
 
一比一原版(QUT毕业证)昆士兰科技大学毕业证成绩单
一比一原版(QUT毕业证)昆士兰科技大学毕业证成绩单一比一原版(QUT毕业证)昆士兰科技大学毕业证成绩单
一比一原版(QUT毕业证)昆士兰科技大学毕业证成绩单
ukyewh
 
Many ways to support street children.pptx
Many ways to support street children.pptxMany ways to support street children.pptx
Many ways to support street children.pptx
SERUDS INDIA
 
Get Government Grants and Assistance Program
Get Government Grants and Assistance ProgramGet Government Grants and Assistance Program
Get Government Grants and Assistance Program
Get Government Grants
 
PPT Item # 7 - BB Inspection Services Agmt
PPT Item # 7 - BB Inspection Services AgmtPPT Item # 7 - BB Inspection Services Agmt
PPT Item # 7 - BB Inspection Services Agmt
ahcitycouncil
 
Understanding the Challenges of Street Children
Understanding the Challenges of Street ChildrenUnderstanding the Challenges of Street Children
Understanding the Challenges of Street Children
SERUDS INDIA
 

Recently uploaded (20)

The Role of a Process Server in real estate
The Role of a Process Server in real estateThe Role of a Process Server in real estate
The Role of a Process Server in real estate
 
2024: The FAR - Federal Acquisition Regulations, Part 37
2024: The FAR - Federal Acquisition Regulations, Part 372024: The FAR - Federal Acquisition Regulations, Part 37
2024: The FAR - Federal Acquisition Regulations, Part 37
 
NHAI_Under_Implementation_01-05-2024.pdf
NHAI_Under_Implementation_01-05-2024.pdfNHAI_Under_Implementation_01-05-2024.pdf
NHAI_Under_Implementation_01-05-2024.pdf
 
一比一原版(UOW毕业证)伍伦贡大学毕业证成绩单
一比一原版(UOW毕业证)伍伦贡大学毕业证成绩单一比一原版(UOW毕业证)伍伦贡大学毕业证成绩单
一比一原版(UOW毕业证)伍伦贡大学毕业证成绩单
 
Effects of Extreme Temperatures From Climate Change on the Medicare Populatio...
Effects of Extreme Temperatures From Climate Change on the Medicare Populatio...Effects of Extreme Temperatures From Climate Change on the Medicare Populatio...
Effects of Extreme Temperatures From Climate Change on the Medicare Populatio...
 
PPT Item # 9 - 2024 Street Maintenance Program(SMP) Amendment
PPT Item # 9 - 2024 Street Maintenance Program(SMP) AmendmentPPT Item # 9 - 2024 Street Maintenance Program(SMP) Amendment
PPT Item # 9 - 2024 Street Maintenance Program(SMP) Amendment
 
快速制作(ocad毕业证书)加拿大安大略艺术设计学院毕业证本科学历雅思成绩单原版一模一样
快速制作(ocad毕业证书)加拿大安大略艺术设计学院毕业证本科学历雅思成绩单原版一模一样快速制作(ocad毕业证书)加拿大安大略艺术设计学院毕业证本科学历雅思成绩单原版一模一样
快速制作(ocad毕业证书)加拿大安大略艺术设计学院毕业证本科学历雅思成绩单原版一模一样
 
如何办理(uoit毕业证书)加拿大安大略理工大学毕业证文凭证书录取通知原版一模一样
如何办理(uoit毕业证书)加拿大安大略理工大学毕业证文凭证书录取通知原版一模一样如何办理(uoit毕业证书)加拿大安大略理工大学毕业证文凭证书录取通知原版一模一样
如何办理(uoit毕业证书)加拿大安大略理工大学毕业证文凭证书录取通知原版一模一样
 
一比一原版(Adelaide毕业证)阿德莱德大学毕业证成绩单
一比一原版(Adelaide毕业证)阿德莱德大学毕业证成绩单一比一原版(Adelaide毕业证)阿德莱德大学毕业证成绩单
一比一原版(Adelaide毕业证)阿德莱德大学毕业证成绩单
 
PD-1602-as-amended-by-RA-9287-Anti-Illegal-Gambling-Law.pptx
PD-1602-as-amended-by-RA-9287-Anti-Illegal-Gambling-Law.pptxPD-1602-as-amended-by-RA-9287-Anti-Illegal-Gambling-Law.pptx
PD-1602-as-amended-by-RA-9287-Anti-Illegal-Gambling-Law.pptx
 
一比一原版(ANU毕业证)澳大利亚国立大学毕业证成绩单
一比一原版(ANU毕业证)澳大利亚国立大学毕业证成绩单一比一原版(ANU毕业证)澳大利亚国立大学毕业证成绩单
一比一原版(ANU毕业证)澳大利亚国立大学毕业证成绩单
 
PPT Item # 8 - Tuxedo Columbine 3way Stop
PPT Item # 8 - Tuxedo Columbine 3way StopPPT Item # 8 - Tuxedo Columbine 3way Stop
PPT Item # 8 - Tuxedo Columbine 3way Stop
 
Russian anarchist and anti-war movement in the third year of full-scale war
Russian anarchist and anti-war movement in the third year of full-scale warRussian anarchist and anti-war movement in the third year of full-scale war
Russian anarchist and anti-war movement in the third year of full-scale war
 
PACT launching workshop presentation-Final.pdf
PACT launching workshop presentation-Final.pdfPACT launching workshop presentation-Final.pdf
PACT launching workshop presentation-Final.pdf
 
PPT Item # 6 - 7001 Broadway ARB Case # 933F
PPT Item # 6 - 7001 Broadway ARB Case # 933FPPT Item # 6 - 7001 Broadway ARB Case # 933F
PPT Item # 6 - 7001 Broadway ARB Case # 933F
 
一比一原版(QUT毕业证)昆士兰科技大学毕业证成绩单
一比一原版(QUT毕业证)昆士兰科技大学毕业证成绩单一比一原版(QUT毕业证)昆士兰科技大学毕业证成绩单
一比一原版(QUT毕业证)昆士兰科技大学毕业证成绩单
 
Many ways to support street children.pptx
Many ways to support street children.pptxMany ways to support street children.pptx
Many ways to support street children.pptx
 
Get Government Grants and Assistance Program
Get Government Grants and Assistance ProgramGet Government Grants and Assistance Program
Get Government Grants and Assistance Program
 
PPT Item # 7 - BB Inspection Services Agmt
PPT Item # 7 - BB Inspection Services AgmtPPT Item # 7 - BB Inspection Services Agmt
PPT Item # 7 - BB Inspection Services Agmt
 
Understanding the Challenges of Street Children
Understanding the Challenges of Street ChildrenUnderstanding the Challenges of Street Children
Understanding the Challenges of Street Children
 

Understanding the Risk Management Framework & (ISC)2 CAP Module 2: Introduction

  • 1.
  • 2. What is Security Authorization? Employing an applicable Security Authorization Process Roles and Responsibilities Legal, Regulatory and Other Requirements Common Controls and Control Inheritance Risk Management Framework (RMF) Phases System Development Life Cycle (SDLC)
  • 3.
  • 4.
  • 5.
  • 6.
  • 7.
  • 8.
  • 9.
  • 10.
  • 11. “Certification and accreditation is the methodology used to ensure that security controls are established for an information system, that these controls are functioning appropriately, and that management has authorized the operation of the system in is current security posture.” - Official (ISC)2 Guide to the CAP CBK (1st ed.)
  • 12. Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non repudiation. These measures include providing for restoration of information systems by incorporating protection, detection, and reaction capabilities. - CNSS Instruction No. 4009
  • 13.
  • 14.
  • 15. • Management • Operational • Technical • Implemented correctly • Operating as intended • Producing the desired outcome
  • 16. official management decision to operate budget and business operations
  • 17. “The official management decision given by a senior organizational official to authorize operation of an information system and to explicitly accept the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation based on the implementation of an agreed-upon set of security controls.” - NIST SP 800-37 rev 1
  • 18.
  • 19.
  • 20.
  • 21. Why are Agencies riddled with security holes?
  • 22.
  • 24.
  • 25.
  • 26.
  • 27. What are some key factors in creating a successful RMF program?
  • 29.
  • 30.
  • 31.
  • 32. • Need consistent management support • Without management support people will not fulfill their obligations to the project • Without management support you will not have access to needed resources and funding • The Senior Information Security Officer (SISO) can keep the program visible by giving regular updates to c-level management
  • 33.
  • 34.
  • 36. Life-cycle for the development of the documentation for the RMF process • Awareness • Monitoring • Enforcement • Maintenance • Retirement • Communication • Compliance • Exceptions • Creation • Review • Approval Development Implementation MaintenanceDisposal