Chapter 5

Success Factors

Information in this chapter:

• Prerequisites for Organizational Risk Management

• Managing the Information Security Program

• Compliance and Reporting

• Organizational Success Factors

• Measuring Security Effectiveness

Managing risk and conducting effective information security management requires a coordinated effort across all levels of an organization. The Risk Management Framework process emphasizes tasks focused on individual information systems in support of obtaining and maintaining security authorization and providing cost-effective protection for information assets commensurate with risk to the organization from operating their systems. System owners cannot successfully execute the RMF process in isolation, however, ...

Get FISMA and the Risk Management Framework now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.