• Skip to main content
  • Skip to primary sidebar

ConvoCourses

Cyber Security Compliance and IT Jobs

  • Cyber Security Training
  • about me.
  • Information Assurance Jobs

risk management principles

Risk Management Techniques

February 14, 2014 by Bruce Brown Leave a Comment

Organizations with poor planning or a given budget spend more time making excuses than implementing risk management techniques.

Risk management techniques can be found in ISO 31000:2009, NIST SP 800-39, ISACA Risk IT Frame work and Canada’s ITSG-33 (see more in risk management principles).

The techniques of risk management center around looking at overall organizational security risk and asking the question, “what happens if a threat causes the organization to lose its capability?”  “Are we prepared?”

All the standards listed above actually have the same risk management techniques, but the trick is to actually implement the risk management.  You would think that is a no brainer but unfortunately, organizations KNOW what they are supposed to do for due diligence but spend time on making Risk Management Excuses of why they won’t do it rather than how the can spend time or money on risk management techniques.

Kudos to the organization that IMPLEMENTS REAL Risk management techniques with continuous monitoring within a realistic budget and not just pass the risk to someone else, or ignore the risk and make excuses with things go wrong.  As a risk management foot soldier, I KNOW how hard this can be.

 

Filed Under: NIST Security Framework, risk management Tagged With: risk management principles, risk management techniques, rmf

Risk Management Principles

February 7, 2014 by Bruce Brown Leave a Comment

Risk management principles can be found in ISO 31000:2009,  Risk management – Principles and guidelines and its companion guides ISO Guide 73:2009, Risk management – Vocabulary with has a collection of definitions relevant to the management of risk.  ISO/IEC 31010:2009, Risk management – Risk assessment techniques focuses on risk.

Other documents with risk management principles include NIST SP 800-39,  and NIST SP 800-30.

The principle of risk management center around looking at corporate risk.  What is the risk to the bottom-line of the organization?  Whether the bottom-line is money, reputation, a mission, or process.  How will the organization address risk from the top down?  Risk is addressed at every level of the organization from the very top to the bottom.  NIST 800-39 breaks this all down in tiers.

Risk management principles
Risk management principles

To address the actual risk and organization must be able to predict the likelihood of a harmful event (threat) adversely affecting an asset vulnerability.

Risk = ((Vulnerability * Threat) / Countermeasure) * Asset Value at Risk IT Risk

An organization uses a quantitative approach to analyzing and managing the risk to its resources.  To do this, they must identify the threat, the asset, the vulnerability and countermeasures (security controls) of the asset.  They must determine the level of impact that the organization would suffer if the harmful event occurs.  To determine all this they must do risk assessments.

 

 

Filed Under: NIST Security Framework, risk management Tagged With: 31000, 800-39, at risk management, ISO 31000 2009 Risk Management, nist risk management framework 800-37, NIST Risk Management Framework 800-39, risk management, risk management framework, risk management principles, rmf

Primary Sidebar

search


This is a breakdown of each of the NIST 800-53 security control families and how they relate to each step in the NIST 800-37 risk management framework process.

also available on Amazon!

View Book


This is a breakdown of each of the NIST 800-53 security control families and how they relate to each step in the NIST 800-37 risk management framework process.

also available on Amazon!

View Book


This book is an overview of how the NIST SP 800-37 risk management framework works from the perspective of an information system security officer (ISSO).

also available on Amazon!

View Book

NIST RMF 800-37 templates
Free 800-37 templates

The NIST 800 Template download contains a .doc file template and xls templates for POAMs, Federal, State, cloud based and a legacy template as well as resources where you can find more on NIST 800-37 documents for your use.

View Book

Learn to Make 6 Figures in CyberSecurity

RMF ISSO Foundations Training
RMF ISSO Foundations Training

RMF ISSO Foundations

I was an Information System Security Officer (ISSO) doing Risk Management Framework (NIST SP 800-37) for over a decade. I am a Cybersecurity veteran and I can explain (in plain English) what you DO in the Risk Management Framework process as an ISSO.

View Course

NIST SP 800-37 Presentation
NIST SP 800-37 Presentation

View Course

login

  • Register
  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org

Recent Posts

  • Cybersecurity Jobs Resume Marketing: Book 1 Find Cybersecurity jobs
  • Security Control Assessor (SCA) Methods table top exercise
  • Cybersecurity Pro opinion about Tiktok
  • Las Vegas teleworking
  • STIGS in the RMF Process

Meta

  • Register
  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org

Recent Comments

  • http://Www.Finance.Ipt.Pw/ on SRG/STIG Applicability Guide and Collection Tool Update
  • Elsa7 on ConvoCourses podcast: Cyber Security day to day activity
  • Tony on STIG Update – DISA has released the Microsoft SQL Server 2016 STIG Version 1
  • horloge on SCAP Compliance Checker SCC)
  • 218 Information assurance Success Criteria – ITSECURITYSURVIVAL.COM on Information Assurance Vulnerability Alert

Tags

8140 8570 ArcSight c&a CISSP convocourses cyber cybersecurity cyber security DIACAP DIARMF diarmf - implement disa DISA STIG dodd 8140 dodd 8140 cyberspace workforce HBSS IA implement implementation info assurance information assurance information security ISSO it jobs it jobs in usa job jobs Linux mcafee network nist nist risk management framework nist risk management framework 800-37 podcast risk risk assessment risk management risk management framework rmf security STIG stigs unix windows


This is a breakdown of each of the NIST 800-53 security control families and how they relate to each step in the NIST 800-37 risk management framework process.

also available on Amazon!

View Book

Copyright © 2023 · Author Pro on Genesis Framework · WordPress · Log in