The Risk Management Framework (as set up by NIST, USA) involves concepts from these three domains:
1. Information Security (Protecting data, access to data, use of data)
2. Software Development Life Cycle (SDLC)
3. Risk Management (A management perspective dealing with assets and their explicit and implicit value)
The concepts involved in the Risk Management Framework are its six basic steps, which are as follows:
Step 1: Categorize
The information system, along with the information processed, stored, and transmitted by that system, is categorised on the basis of an impact analysis. Here the vested party or parties are identified.
Step 2: Select
Following categorisation, an initial set of baseline security controls is set up for the information system. These controls are specifically tailored, and they supplement the security control baseline as needed, on the basis of an organizational assessment of risk and local conditions. Thus, after this step, any overlays that apply to the system have also been added.
Step 3: Implementation
Here the security controls from Steps 1 and 2 are applied.
Step 4: Assessment
In this step, a third-party entity assesses the controls. It also verifies that the controls are properly applied to the system in question.
Step 5: Authorization
Here the information system is usually either granted or denied an Authority to Operate (ATO). A major fact to note here is that in some cases the decision may be postponed, allowing time for certain items to be fixed. The ATO decision is based on the report from Step 4, Assessment.
Step 6: Monitoring
Here the security controls in the information system (from all previous steps) are monitored in a pre-planned fashion. This planning should ideally be well documented earlier in the process. In industry practice, an ATO is usually good for 3 years, after which the whole process needs to be repeated every 3 years.
Discuss the concepts involved in the risk management framework. no copying and pasting. answer in your...