FISMA, NIST and the Risk Management Framework – Part 2

Invite Friends
Facebook Twitter Google+ LinkedIn Email
Description
Virtual Practice Lab
Practice Test
Resources
FISMA, NIST and the Risk Management Framework – Part 2

In this lesson, Subject Matter Expert (SME) Kelly Handerhan discusses the importance of the following documents in understanding and using the Risk Management Framework:

  • FIPS-199 and its standards for security standardization (low, moderate, and high risks and the application of the high water mark in assessing risk)
  • FIPS-200 and its minimum security requirements for the categories defined in federal information and information systems (definition of 17 security-related categories – plus an additional one used in RMF — and implementation of customized minimum baselines for security controls)
  • NIST SP 800-30, REV 1 – a guide for conducting risk assessment
  • NIST SP 800-39 – managing information security risk

In this lesson you will learn:

  • the three levels of impact of security breaches
  • how to determine an information security system category based on specific criteria
  • how to implement the minimum baseline of security controls
  • integration of security controls and an organization’s goals
  • the risk assessment three-step process in the context of four risk factors
  • types of risk assessments
  • how to manage information security risk
  • making risk management user friendly

THE DISCUSSION OF THE IMPORTANT RMF DOCUMENTS CONTINUES IN LESSON 3.

Watch the Course Intro Video
Learn on the go.
The app designed for the modern cyber security professional.
Get it on Google PlayGet it on the App Store
Recommended Study Material
Practice Labs and Exam Vouchers

Congratulations! You're taking the first step to getting certified. Get some hands on experience with available practice labs OR save some money, support Cybrary, and purchase discounted exam vouchers. Ready to earn your next industry certification? Join cyber security's largest community and start learning today.

JOIN CYBRARY

Upcoming Industry Events

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play
 

Support Cybrary

Donate Here to Get This Month's Donor Badge

 

Cybrary|0P3N

DUHK: The Technique That Got the VPN Compromised
Views: 1266 / December 10, 2017
What is Docker? [Series]
Views: 2092 / December 9, 2017
Wanna-Cry Ransomware
Views: 2077 / December 9, 2017
The Abyssal Depth of the Deep Web
Views: 2057 / December 8, 2017
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel