Welcome to the Applying the Risk Management Framework NIST 800-37a Certification Course
Chances are, your company has the mindset of ‘I’m not a target.’ In order to help overcome that, professionals must present the severity a data breach can have for an organization, while providing a plan designed to operationalize cyber security within a risk management setting so that actionable intelligence can be used to coordinate the remediation based on threats to the company.
The National Institute of Standards and Technology (NIST) established the Risk Management Framework (RMF) as a set of operational and procedural standards that a US government agency must follow to ensure compliance of its data systems.
Therefore, companies need a risk management approach to cyber security and cannot rely on annual program audits to drive improvements in security. The RMF allows an organization to prioritize aspects of cyber security across departments.
The Insider Threat: 2016 Gartner Security & Risk Management Summit
discusses risk management strategies to mitigate insider threats both unintentional and intentional.
The Risk Management Framework Application skill certification test of course teaches how to manage informational security risks, but does so in the context of a 3-step process that includes identifying the 4 risk factors and recognizing the levels of impact data breaches can have.
This test also asks students to demonstrate an understanding of how the framework can help inform and improve an existing security program by applying a risk management focus.