Book description
The RMF allows an organization to develop an organization-wide risk framework that reduces the resources required to authorize a system's operation. Use of the RMF will help organizations maintain compliance with FISMA and OMB requirements, and it can also be tailored to meet other compliance requirements such as Payment Card Industry (PCI) or Sarbanes-Oxley (SOX). With the publishing of NIST SP 800-37 in 2010 and the move of the Intelligence Community and Department of Defense to modified versions of this process, clear implementation guidance is needed to help individuals correctly implement this process. No other publication covers this topic in the detail provided in this book or provides hands-on exercises that reinforce the topics. Examples in the book follow a fictitious organization through the RMF, allowing the reader to follow the development of proper compliance measures. Templates provided in the book allow readers to quickly implement the RMF in their organization. The need for this book continues to expand as government and non-governmental organizations build their security programs around the RMF. The companion website provides access to all of the documents, templates and examples needed to not only understand the RMF but also implement this process in the reader's own organization.
- A comprehensive case study from initiation to decommission and disposal
- Detailed explanations of the complete RMF process and its linkage to the SDLC
- Hands-on exercises to reinforce topics
- Complete linkage of the RMF to all applicable laws, regulations and publications as never seen before
Table of contents
- Cover image
- Title page
- Table of Contents
- Copyright page
- Dedication
- Acknowledgments
- About the Author
- Technical Editor
- Companion Website
- Chapter 1: Introduction
- Part 1
  - Introduction
  - Chapter 2: Laws, Regulations, and Guidance
  - Chapter 3: Integrated Organization-Wide Risk Management
  - Chapter 4: The Joint Task Force Transformation Initiative
  - Chapter 5: System Development Life Cycle (SDLC)
  - Chapter 6: Transitioning from the C&A Process to RMF
  - Chapter 7: Key Positions and Roles
- Part 2
  - Introduction
  - Chapter 8: Lab Organization
  - Chapter 9: RMF Phase 1: Categorize the Information System
  - Chapter 10: RMF Phase 2: Selecting Security Controls
  - Chapter 11: RMF Phase 3: Implementing Security Controls
  - Chapter 12: RMF Phase 4: Assess Security Controls
  - Chapter 13: RMF Phase 5: Authorizing the Information System
    - Abstract
    - Chapter Overview and Key Learning Points
    - Phase 5, Task 1: Developing the Plan of Action and Milestones (POA&M)
    - Phase 5, Task 2: Assembly of the Authorization Package
    - Phase 5, Task 3: Determining Risk
    - Phase 5, Task 4: Accepting Risk
    - Chapter 13 Lab Exercises: Authorizing the Information System
  - Chapter 14: RMF Phase 6: Monitoring Security Controls
    - Abstract
    - Chapter Overview and Key Learning Points
    - Phase 6, Task 1: Monitoring Information System and Environment Changes
    - Phase 6, Task 2: Ongoing Security Control Assessment
    - Phase 6, Task 3: Ongoing Remediation Actions
    - Phase 6, Task 4: Updating the Security Documentation
    - Phase 6, Task 5: Security Status Reporting
    - Phase 6, Task 6: Ongoing Risk Determination and Acceptance
    - Phase 6, Task 7: System Removal and Decommissioning
    - Chapter 14 Lab Exercises: Monitoring Security Controls
- Chapter 15: The Expansion of the RMF
- Appendix A: Answers to Exercises in Chapters 9 through 14
- Appendix B: Control Families and Classes
- Appendix C: Security Control Assessment Requirements
- Appendix D: Assessment Method Definitions, Applicable Objects, and Attributes
- Glossary
- Common Acronyms in this Book
- References
- Index
Product information
- Title: Risk Management Framework
- Author(s):
- Release date: July 2013
- Publisher(s): Syngress
- ISBN: 9780124047235