This lesson discusses the risk analysis process. After completing this unit, participants will be able to support and follow the four-step risk management process and understand the factors that produce the impact level (high, medium, low) of an information system. In addition, participants will be able to accurately quantify the level of risk to an information system and decide on the effective risk management options for a system. The Risk Analysis Process is rooted in ICD 503, which went into effect on September 15, 2008 after being signed by the Director of National Intelligence (DNI). ICD 503 requires IC elements to determine risk level based on the overall effect to the mission and not only security and addresses the following policies:
- Risk management
- Reciprocity and Interconnections
- Governance and dispute resolution
What is the Risk Management Framework?
This course introduces the Department of Defense (DoD) Risk Management Framework (RMF). This course prepares participants to take the CAP Exam which consists of 125 multiple choice questions and covers the following domains: