12. Exercise: Risk Mgmt. Frameworks

Question 1.

Task Description:

Review the following Risk Management Framework documentation and answer the questions below:

Task Feedback:

Great! Now try to answer the questions below:

Question 2.

Which framework might be your best choice if your organization plans on working closely with the federal government?

SOLUTION: NIST RMF

Question 1.

Which risk measurement approach do you believe would be best if you wanted to understand exactly how much a data breach event might cost your organization in revenue?

SOLUTION: FAIR

Question 3.

QUESTION:

If you want to apply the NIST RMF to an existing system, what Risk Management Framework step would you start with and why?

ANSWER:

You may wish to start with the Assess controls step, given that the system already exists and, therefore, would likely have some existing controls. However, the RMF is meant to be cyclical, so, depending on the system's maturity, you may begin with other steps such as Categorize system to initially validate that the existing controls are applicable.