Information in this chapter:
• Prerequisites for Organizational Risk Management
• Managing the Information Security Program
• Compliance and Reporting
• Organizational Success Factors
• Measuring Security Effectiveness
Managing risk and conducting effective information security management require a coordinated effort across all levels of an organization. The Risk Management Framework process emphasizes tasks focused on individual information systems, in support of obtaining and maintaining security authorization and of providing cost-effective protection for information assets commensurate with the risk to the organization from operating its systems. System owners cannot successfully execute the RMF process in isolation, however, ...