• Skip to main content
  • Skip to primary sidebar

ConvoCourses

Cyber Security Compliance and IT Jobs

  • Cyber Security Training
  • about me.
  • Information Assurance Jobs

risk mangement framework

risk management magazine

February 6, 2014 by Bruce Brown Leave a Comment

I am looking for a decent risk management magazine online.  The first ones I found were  RM Risk Management Magazine (rmmagazine.com) from the Risk Management Society (rims.org) and RMProfessional (RMP).  RM is a little too broad since it included things like industrial, health, safety and insurance.  Similarly, RMProfessional (RMP) covers OTHER aspects of risk management. So for this site, our focus is security risk management.  While these are very serious risk management issues, I was hunting for a risk management magazine for Information Technology and Information Security.

risk management magazine-H9-BIBLE
risk management magazine H9-BIBLE

A more relevant SECURITY risk management magazine would be CSO Online (http://www.csoonline.com) which focuses on security risks.. not industrial, insurance and safety.  CSO covers security news, security jobs, data protetions, indentification & access, business continuity, security leadership and physical security.  I think that there name CSO is taken from Chief Security Officer.

Of course if you are calling ALL security magazines “risk management magazine” then there are thousands.  But I would not say that and online hacker magazine like Phrack was a risk management mag, but you could get away with calling it security.  There are many others such as 2600, Hack9 then there are pentesting online magazines like Pentest Mag.  All of these focus on the “threat” side of the risk scale.  Where the risks come from? How the threat exploit the vulnerability, how effective is the threat, what happens when the threat is implemented.  All of these could qualify as information security related sites by but not really risk managements.  Why?  Because they are missing one major piece.. Management.

 risk management magazine?

 

Filed Under: NIST Security Framework, risk management Tagged With: CSO Online, nist risk management framework 800-37, rims, risk management magazine, risk mangement framework, rmf

risk management guide

February 5, 2014 by Bruce Brown Leave a Comment

If you are looking for a risk management guide there are several references text to choose from.  NIST SP 800-37, Risk Management Framework, ISO 31000:2009 Risk Management,  ISACA RISK IT Framework, and ITSG-33 are all pretty good risk management guides

NIST SP 800-37,  Guide for Applying the Risk Management 

The US federal government uses NIST SP 800-37.  The Defense Department uses DIARMF on which this site is based and DIARMF is based on NIST SP 800-37.  The document is comprehensive and branches in to several other documents:  NIST SP 800-39, Risk Management Security, NIST SP 800-30, Risk Assessment, NIST SP 800-53, Security controls and many others.  The NIST risk management guides were developed by National Institute of Standards and Technology (NIST) in collaboration with the Office of the Director of National Intelligence (ODNI), the Department of Defense (DOD), and the Committee on National Security Systems (CNSS).

ISO 31000:2009 Risk Management Guide

ISO 31000:2009, Risk Management is a practical guide designed for any organization.  Designed by the International Organization for Standardization (ISO) 31000: 2009 offers a robust open standard for risk management framework.

 

ISACA RISK IT Framework

ISACA Risk IT Framework provides complete end to end guide for risk management of information technology addressing security threats exploiting asset vulnerabilities for corporations.

ITSG – IT Security Risk Management guide

Created by the Government of Canada’s, the ITSG is a IT Security Risk management guide ITSG-33 covers roles, responsibilities and activities of the Canadian risk management.

 

 

Filed Under: NIST Security Framework, risk management Tagged With: COBITS, ISO 31000 2009 Risk Management, ITSG, nist risk management framework, nist risk management framework 800-37, risk, risk management guide, risk mangement framework, rmf, security risk

risk management framework ppt

February 2, 2014 by Bruce Brown Leave a Comment

I will post an alternate version of some of my old risk management framework ppt slides.  I used to teach FISMA, NIST, and DIACAP to DIARMF.   I have a lot of content and know a lot about this subject.  For now here is some other public works:

  • risk management framework ISACA (RiskIT)-Overview
  • risk management frame work ppt

 

Filed Under: risk management Tagged With: risk assessment worksheet, risk management framework ppt, risk mangement framework, rmf

risk assessment model

January 23, 2014 by Bruce Brown Leave a Comment

The risk assessment model is decomposed in NIST SP 800-37, Guide for Risk Assessments.

risk identification
risk identification

The risk assessment model is designed to identify threat sources and events, identify vulnerabilities and predisposing conditions, determine likelihood of occurrence, determine magnitude of impact and finally determine risk. Some of the devices used to do this are risk register:

Risk Register Template – version a Risk Register Template – version b

The risk assessment model is only one part of the risk management process in DIARMF and other risk management frameworks:

risk evaluation
risk evaluation

 

Filed Under: NIST Security Framework, risk management Tagged With: risk, risk assessment, risk assessment model, risk assessment reports, risk management, risk mangement framework, rmf, security assessment reports

Primary Sidebar

search


This is a breakdown of each of the NIST 800-53 security control families and how they relate to each step in the NIST 800-37 risk management framework process.

also available on Amazon!

View Book


This is a breakdown of each of the NIST 800-53 security control families and how they relate to each step in the NIST 800-37 risk management framework process.

also available on Amazon!

View Book


This book is an overview of how the NIST SP 800-37 risk management framework works from the perspective of an information system security officer (ISSO).

also available on Amazon!

View Book

NIST RMF 800-37 templates
Free 800-37 templates

The NIST 800 Template download contains a .doc file template and xls templates for POAMs, Federal, State, cloud based and a legacy template as well as resources where you can find more on NIST 800-37 documents for your use.

View Book

Learn to Make 6 Figures in CyberSecurity

RMF ISSO Foundations Training
RMF ISSO Foundations Training

RMF ISSO Foundations

I was an Information System Security Officer (ISSO) doing Risk Management Framework (NIST SP 800-37) for over a decade. I am a Cybersecurity veteran and I can explain (in plain English) what you DO in the Risk Management Framework process as an ISSO.

View Course

NIST SP 800-37 Presentation
NIST SP 800-37 Presentation

View Course

login

  • Register
  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org

Recent Posts

  • Cybersecurity Jobs Resume Marketing: Book 1 Find Cybersecurity jobs
  • Security Control Assessor (SCA) Methods table top exercise
  • Cybersecurity Pro opinion about Tiktok
  • Las Vegas teleworking
  • STIGS in the RMF Process

Meta

  • Register
  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org

Recent Comments

  • http://Www.Finance.Ipt.Pw/ on SRG/STIG Applicability Guide and Collection Tool Update
  • Elsa7 on ConvoCourses podcast: Cyber Security day to day activity
  • Tony on STIG Update – DISA has released the Microsoft SQL Server 2016 STIG Version 1
  • horloge on SCAP Compliance Checker SCC)
  • 218 Information assurance Success Criteria – ITSECURITYSURVIVAL.COM on Information Assurance Vulnerability Alert

Tags

8140 8570 ArcSight c&a CISSP convocourses cyber cybersecurity cyber security DIACAP DIARMF diarmf - implement disa DISA STIG dodd 8140 dodd 8140 cyberspace workforce HBSS IA implement implementation info assurance information assurance information security ISSO it jobs it jobs in usa job jobs Linux mcafee network nist nist risk management framework nist risk management framework 800-37 podcast risk risk assessment risk management risk management framework rmf security STIG stigs unix windows


This is a breakdown of each of the NIST 800-53 security control families and how they relate to each step in the NIST 800-37 risk management framework process.

also available on Amazon!

View Book

Copyright © 2023 · Author Pro on Genesis Framework · WordPress · Log in