430 W5 DQ1 UG
430 W5 DQ1
Briefly describe the purpose and application of the Risk Management Framework. How does this differ from the Cyber Security Framework? Which would you recommend and why?
Reply to responses.
Please read before replying to responses. 100-150 words.
Response Requirements
Reminder, each response must be a paragraph which is seven sentences. In addition, I am reminding all students not to lose points moving forward, that the responses for participation need to follow the ABC method. Acknowledge what your classmate has said, build on the content (do not just state, I agree with how you said this, or I like how you said that), and close with a question (an open-ended question). You may send me a message in the private forum with any questions. You must have supporting in-text citations and references to support your discussions posts. Blessings with wisdom and academic growth! Cheers, Professor Ligon Blessings and prayers…
A Aaron
Evening,
The Risk Management Framework (RMF) was first intended for federal agencies but soon was adopted by organization that were in the private sector. A business can’t operate with out exposing themselves to so sort of risks like IT problems, Litigation and Loss of Capitol (Posey, 2021). The RMF is made up of five components, that are Identification, Measurement and Assessment, Mitigation, Reporting and Monitoring, and Governance. The Identification stage is to identify the risks that an organization might have, and this process is not a one-time thing as these risks might change over time. Measurement and assessment are when you create a risk profile for each that was identified in the first step and the measurement can be in the form of how much capital could be lost. Mitigation is by examining the risks and determining which risks should be eliminated and which risks are acceptable. Reporting and monitoring involves reexamining the risks to make sure the mitigation strategies the organization have adopted are serving their purposes. Governance is the process of making sure the adoption of the mitigation strategies is in place and that the employees are following the policies. RMF is more targeted towards the federal government and CSF was originally developed for critical infrastructure but has been recommended for use in organizations. CSF is aimed towards the private sector more than the federal government and does not have any Authorizing Officials (AOs) or an Authority to Operate (ATO) which RMF has ATOs to determine the authorized periods required for approval by and AO. NIST recommends that the CSF be used to strengthen the RMF. I would say that I would use the RMF to first get the framework in place then start implementing the CSF. Both of the frameworks have two entirely different end goals.
Posey, B. (2021) What is risk management and why is it important? Retrieved from
https://www.techtarget.com/searchcio/definition/Risk-Management-Framework-RMF#:
~:text=The%20Risk%20Management%20Framework%20is,of%20the%20United%20States%20government
.
430 W5 DQ1 RESPONSES CONTINUATION
Please read before replying to responses. 100-150 words.
Response Requirements
Reminder, each response must be a paragraph which is seven sentences. In addition, I am reminding all students not to lose points moving forward, that the responses for participation need to follow the ABC method. Acknowledge what your classmate has said, build on the content (do not just state, I agree with how you said this, or I like how you said that), and close with a question (an open-ended question). You may send me a message in the private forum with any questions. You must have supporting in-text citations and references to support your discussions posts. Blessings with wisdom and academic growth! Cheers, Professor Ligon Blessings and prayers…
B Cody
Hello everyone,
“The Risk Management Framework is a template and guideline used by companies to identify, eliminate and minimize risks. It was originally developed by the National Institute of Standards and Technology to help protect the information systems of the United States government” (Posey, 2021). The Risk Management Framework is simply used periodically to identify and organize risks to an organization. The National Institute of Standards and Technology also created the Cybersecurity Framework. “The Framework integrates industry standards and best practices to help organizations manage their cybersecurity risks” (Swenson, 2022). These are very similar in that they both were created by NIST to help organizations identify, categorize, and to help mitigate risks but they are different in that The Risk Management Framework deals with more overarching risks regarding organizations and the Cybersecurity Framework deals only specifically with cybersecurity threats. I would recommend for an organization to use all of these frameworks since the Cybersecurity Framework would deal with cybersecurity threats and the RMF would cover strategic, legal, operational, and privacy risks.
C Jacob
Good evening Professor Ligon and class,
Risk Management Framework (RMF) is an established set of components (Identification, Measurement and Assessment, Mitigation, Reporting and Monitoring, and Governance) and steps (Prepare, Categorize, Select, Implement, Assess, Authorize, and Monitor) that help companies to identify, eliminate, and minimize risks. These guidelines were originally created by the National Institute of Standards and Technology (NIST) to help protect information systems within the U.S. “Businesses cannot exist without exposing themselves to risks such as IT problems, litigation, and loss of capital” (Posey, 2021). No risk can be totally gotten rid of, there will always be a need for risks. All we can do is mitigate them. This concept benefits businesses by minimizing the risks that are out there which in end lowers the legal spotlight and increases profits.
Cyber Security Framework (CSF) and RMF are often mixed around when IT professionals are discussing them. When RMF was originally created by NIST, its target audience was the federal government. This is still true today, although private organizations have seen the benefits of RMF and have started to incorporate the guideline into their IT plans. CSF has been created for more critical infrastructures, such as transportation or public utilities. CSF is also suitable for an “Organization of any size, degree of cybersecurity risk, or cybersecurity sophistication” (Webb, 2017). CSF has not been created to replace RMF, it is another tool that organizations have at their disposal to deal with risks associated with the IT field.
430 W5 DQ1
Briefly describe the purpose and application of the Risk Management Framework. How does this differ from the Cyber Security Framework? Which would you recommend and why?
Reply to responses.
Please read before replying to responses. 100-150 words.
Response Requirements
Reminder, each response must be a paragraph which is seven sentences. In addition, I am reminding all students not to lose points moving forward, that the responses for participation need to follow the ABC method. Acknowledge what your classmate has said, build on the content (do not just state, I agree with how you said this, or I like how you said that), and close with a question (an open-ended question). You may send me a message in the private forum with any questions. You must have supporting in-text citations and references to support your discussions posts. Blessings with wisdom and academic growth! Cheers, Professor Ligon Blessings and prayers…
A Aaron
Evening,
The Risk Management Framework (RMF) was first intended for federal agencies but soon was adopted by organization that were in the private sector. A business can’t operate with out exposing themselves to so sort of risks like IT problems, Litigation and Loss of Capitol (Posey, 2021). The RMF is made up of five components, that are Identification, Measurement and Assessment, Mitigation, Reporting and Monitoring, and Governance. The Identification stage is to identify the risks that an organization might have, and this process is not a one-time thing as these risks might change over time. Measurement and assessment are when you create a risk profile for each that was identified in the first step and the measurement can be in the form of how much capital could be lost. Mitigation is by examining the risks and determining which risks should be eliminated and which risks are acceptable. Reporting and monitoring involves reexamining the risks to make sure the mitigation strategies the organization have adopted are serving their purposes. Governance is the process of making sure the adoption of the mitigation strategies is in place and that the employees are following the policies. RMF is more targeted towards the federal government and CSF was originally developed for critical infrastructure but has been recommended for use in organizations. CSF is aimed towards the private sector more than the federal government and does not have any Authorizing Officials (AOs) or an Authority to Operate (ATO) which RMF has ATOs to determine the authorized periods required for approval by and AO. NIST recommends that the CSF be used to strengthen the RMF. I would say that I would use the RMF to first get the framework in place then start implementing the CSF. Both of the frameworks have two entirely different end goals.
Posey, B. (2021) What is risk management and why is it important? Retrieved from
https://www.techtarget.com/searchcio/definition/Risk-Management-Framework-RMF#:
~:text=The%20Risk%20Management%20Framework%20is,of%20the%20United%20States%20government
.
430 W5 DQ1 RESPONSES CONTINUATION
Please read before replying to responses. 100-150 words.
Response Requirements
Reminder, each response must be a paragraph which is seven sentences. In addition, I am reminding all students not to lose points moving forward, that the responses for participation need to follow the ABC method. Acknowledge what your classmate has said, build on the content (do not just state, I agree with how you said this, or I like how you said that), and close with a question (an open-ended question). You may send me a message in the private forum with any questions. You must have supporting in-text citations and references to support your discussions posts. Blessings with wisdom and academic growth! Cheers, Professor Ligon Blessings and prayers…
B Cody
Hello everyone,
“The Risk Management Framework is a template and guideline used by companies to identify, eliminate and minimize risks. It was originally developed by the National Institute of Standards and Technology to help protect the information systems of the United States government” (Posey, 2021). The Risk Management Framework is simply used periodically to identify and organize risks to an organization. The National Institute of Standards and Technology also created the Cybersecurity Framework. “The Framework integrates industry standards and best practices to help organizations manage their cybersecurity risks” (Swenson, 2022). These are very similar in that they both were created by NIST to help organizations identify, categorize, and to help mitigate risks but they are different in that The Risk Management Framework deals with more overarching risks regarding organizations and the Cybersecurity Framework deals only specifically with cybersecurity threats. I would recommend for an organization to use all of these frameworks since the Cybersecurity Framework would deal with cybersecurity threats and the RMF would cover strategic, legal, operational, and privacy risks.
C Jacob
Good evening Professor Ligon and class,
Risk Management Framework (RMF) is an established set of components (Identification, Measurement and Assessment, Mitigation, Reporting and Monitoring, and Governance) and steps (Prepare, Categorize, Select, Implement, Assess, Authorize, and Monitor) that help companies to identify, eliminate, and minimize risks. These guidelines were originally created by the National Institute of Standards and Technology (NIST) to help protect information systems within the U.S. “Businesses cannot exist without exposing themselves to risks such as IT problems, litigation, and loss of capital” (Posey, 2021). No risk can be totally gotten rid of, there will always be a need for risks. All we can do is mitigate them. This concept benefits businesses by minimizing the risks that are out there which in end lowers the legal spotlight and increases profits.
Cyber Security Framework (CSF) and RMF are often mixed around when IT professionals are discussing them. When RMF was originally created by NIST, its target audience was the federal government. This is still true today, although private organizations have seen the benefits of RMF and have started to incorporate the guideline into their IT plans. CSF has been created for more critical infrastructures, such as transportation or public utilities. CSF is also suitable for an “Organization of any size, degree of cybersecurity risk, or cybersecurity sophistication” (Webb, 2017). CSF has not been created to replace RMF, it is another tool that organizations have at their disposal to deal with risks associated with the IT field.
430 W5 DQ1
Briefly describe the purpose and application of the Risk Management Framework. How does this differ from the Cyber Security Framework? Which would you recommend and why?
Reply to responses.
Please read before replying to responses. 100-150 words.
Response Requirements
Reminder, each response must be a paragraph which is seven sentences. In addition, I am reminding all students not to lose points moving forward, that the responses for participation need to follow the ABC method. Acknowledge what your classmate has said, build on the content (do not just state, I agree with how you said this, or I like how you said that), and close with a question (an open-ended question). You may send me a message in the private forum with any questions. You must have supporting in-text citations and references to support your discussions posts. Blessings with wisdom and academic growth! Cheers, Professor Ligon Blessings and prayers…
A Aaron
Evening,
The Risk Management Framework (RMF) was first intended for federal agencies but soon was adopted by organization that were in the private sector. A business can’t operate with out exposing themselves to so sort of risks like IT problems, Litigation and Loss of Capitol (Posey, 2021). The RMF is made up of five components, that are Identification, Measurement and Assessment, Mitigation, Reporting and Monitoring, and Governance. The Identification stage is to identify the risks that an organization might have, and this process is not a one-time thing as these risks might change over time. Measurement and assessment are when you create a risk profile for each that was identified in the first step and the measurement can be in the form of how much capital could be lost. Mitigation is by examining the risks and determining which risks should be eliminated and which risks are acceptable. Reporting and monitoring involves reexamining the risks to make sure the mitigation strategies the organization have adopted are serving their purposes. Governance is the process of making sure the adoption of the mitigation strategies is in place and that the employees are following the policies. RMF is more targeted towards the federal government and CSF was originally developed for critical infrastructure but has been recommended for use in organizations. CSF is aimed towards the private sector more than the federal government and does not have any Authorizing Officials (AOs) or an Authority to Operate (ATO) which RMF has ATOs to determine the authorized periods required for approval by and AO. NIST recommends that the CSF be used to strengthen the RMF. I would say that I would use the RMF to first get the framework in place then start implementing the CSF. Both of the frameworks have two entirely different end goals.
Posey, B. (2021) What is risk management and why is it important? Retrieved from
https://www.techtarget.com/searchcio/definition/Risk-Management-Framework-RMF#:
~:text=The%20Risk%20Management%20Framework%20is,of%20the%20United%20States%20government
.
430 W5 DQ1 RESPONSES CONTINUATION
Please read before replying to responses. 100-150 words.
Response Requirements
Reminder, each response must be a paragraph which is seven sentences. In addition, I am reminding all students not to lose points moving forward, that the responses for participation need to follow the ABC method. Acknowledge what your classmate has said, build on the content (do not just state, I agree with how you said this, or I like how you said that), and close with a question (an open-ended question). You may send me a message in the private forum with any questions. You must have supporting in-text citations and references to support your discussions posts. Blessings with wisdom and academic growth! Cheers, Professor Ligon Blessings and prayers…
B Cody
Hello everyone,
“The Risk Management Framework is a template and guideline used by companies to identify, eliminate and minimize risks. It was originally developed by the National Institute of Standards and Technology to help protect the information systems of the United States government” (Posey, 2021). The Risk Management Framework is simply used periodically to identify and organize risks to an organization. The National Institute of Standards and Technology also created the Cybersecurity Framework. “The Framework integrates industry standards and best practices to help organizations manage their cybersecurity risks” (Swenson, 2022). These are very similar in that they both were created by NIST to help organizations identify, categorize, and to help mitigate risks but they are different in that The Risk Management Framework deals with more overarching risks regarding organizations and the Cybersecurity Framework deals only specifically with cybersecurity threats. I would recommend for an organization to use all of these frameworks since the Cybersecurity Framework would deal with cybersecurity threats and the RMF would cover strategic, legal, operational, and privacy risks.
C Jacob
Good evening Professor Ligon and class,
Risk Management Framework (RMF) is an established set of components (Identification, Measurement and Assessment, Mitigation, Reporting and Monitoring, and Governance) and steps (Prepare, Categorize, Select, Implement, Assess, Authorize, and Monitor) that help companies to identify, eliminate, and minimize risks. These guidelines were originally created by the National Institute of Standards and Technology (NIST) to help protect information systems within the U.S. “Businesses cannot exist without exposing themselves to risks such as IT problems, litigation, and loss of capital” (Posey, 2021). No risk can be totally gotten rid of, there will always be a need for risks. All we can do is mitigate them. This concept benefits businesses by minimizing the risks that are out there which in end lowers the legal spotlight and increases profits.
Cyber Security Framework (CSF) and RMF are often mixed around when IT professionals are discussing them. When RMF was originally created by NIST, its target audience was the federal government. This is still true today, although private organizations have seen the benefits of RMF and have started to incorporate the guideline into their IT plans. CSF has been created for more critical infrastructures, such as transportation or public utilities. CSF is also suitable for an “Organization of any size, degree of cybersecurity risk, or cybersecurity sophistication” (Webb, 2017). CSF has not been created to replace RMF, it is another tool that organizations have at their disposal to deal with risks associated with the IT field.
430 W5 DQ1
Briefly describe the purpose and application of the Risk Management Framework. How does this differ from the Cyber Security Framework? Which would you recommend and why?
Reply to responses.
Please read before replying to responses. 100-150 words.
Response Requirements
Reminder, each response must be a paragraph which is seven sentences. In addition, I am reminding all students not to lose points moving forward, that the responses for participation need to follow the ABC method. Acknowledge what your classmate has said, build on the content (do not just state, I agree with how you said this, or I like how you said that), and close with a question (an open-ended question). You may send me a message in the private forum with any questions. You must have supporting in-text citations and references to support your discussions posts. Blessings with wisdom and academic growth! Cheers, Professor Ligon Blessings and prayers…
A Aaron
Evening,
The Risk Management Framework (RMF) was first intended for federal agencies but soon was adopted by organization that were in the private sector. A business can’t operate with out exposing themselves to so sort of risks like IT problems, Litigation and Loss of Capitol (Posey, 2021). The RMF is made up of five components, that are Identification, Measurement and Assessment, Mitigation, Reporting and Monitoring, and Governance. The Identification stage is to identify the risks that an organization might have, and this process is not a one-time thing as these risks might change over time. Measurement and assessment are when you create a risk profile for each that was identified in the first step and the measurement can be in the form of how much capital could be lost. Mitigation is by examining the risks and determining which risks should be eliminated and which risks are acceptable. Reporting and monitoring involves reexamining the risks to make sure the mitigation strategies the organization have adopted are serving their purposes. Governance is the process of making sure the adoption of the mitigation strategies is in place and that the employees are following the policies. RMF is more targeted towards the federal government and CSF was originally developed for critical infrastructure but has been recommended for use in organizations. CSF is aimed towards the private sector more than the federal government and does not have any Authorizing Officials (AOs) or an Authority to Operate (ATO) which RMF has ATOs to determine the authorized periods required for approval by and AO. NIST recommends that the CSF be used to strengthen the RMF. I would say that I would use the RMF to first get the framework in place then start implementing the CSF. Both of the frameworks have two entirely different end goals.
Posey, B. (2021) What is risk management and why is it important? Retrieved from
https://www.techtarget.com/searchcio/definition/Risk-Management-Framework-RMF#:
~:text=The%20Risk%20Management%20Framework%20is,of%20the%20United%20States%20government
.
430 W5 DQ1 RESPONSES CONTINUATION
Please read before replying to responses. 100-150 words.
Response Requirements
Reminder, each response must be a paragraph which is seven sentences. In addition, I am reminding all students not to lose points moving forward, that the responses for participation need to follow the ABC method. Acknowledge what your classmate has said, build on the content (do not just state, I agree with how you said this, or I like how you said that), and close with a question (an open-ended question). You may send me a message in the private forum with any questions. You must have supporting in-text citations and references to support your discussions posts. Blessings with wisdom and academic growth! Cheers, Professor Ligon Blessings and prayers…
B Cody
Hello everyone,
“The Risk Management Framework is a template and guideline used by companies to identify, eliminate and minimize risks. It was originally developed by the National Institute of Standards and Technology to help protect the information systems of the United States government” (Posey, 2021). The Risk Management Framework is simply used periodically to identify and organize risks to an organization. The National Institute of Standards and Technology also created the Cybersecurity Framework. “The Framework integrates industry standards and best practices to help organizations manage their cybersecurity risks” (Swenson, 2022). These are very similar in that they both were created by NIST to help organizations identify, categorize, and to help mitigate risks but they are different in that The Risk Management Framework deals with more overarching risks regarding organizations and the Cybersecurity Framework deals only specifically with cybersecurity threats. I would recommend for an organization to use all of these frameworks since the Cybersecurity Framework would deal with cybersecurity threats and the RMF would cover strategic, legal, operational, and privacy risks.
C Jacob
Good evening Professor Ligon and class,
Risk Management Framework (RMF) is an established set of components (Identification, Measurement and Assessment, Mitigation, Reporting and Monitoring, and Governance) and steps (Prepare, Categorize, Select, Implement, Assess, Authorize, and Monitor) that help companies to identify, eliminate, and minimize risks. These guidelines were originally created by the National Institute of Standards and Technology (NIST) to help protect information systems within the U.S. “Businesses cannot exist without exposing themselves to risks such as IT problems, litigation, and loss of capital” (Posey, 2021). No risk can be totally gotten rid of, there will always be a need for risks. All we can do is mitigate them. This concept benefits businesses by minimizing the risks that are out there which in end lowers the legal spotlight and increases profits.
Cyber Security Framework (CSF) and RMF are often mixed around when IT professionals are discussing them. When RMF was originally created by NIST, its target audience was the federal government. This is still true today, although private organizations have seen the benefits of RMF and have started to incorporate the guideline into their IT plans. CSF has been created for more critical infrastructures, such as transportation or public utilities. CSF is also suitable for an “Organization of any size, degree of cybersecurity risk, or cybersecurity sophistication” (Webb, 2017). CSF has not been created to replace RMF, it is another tool that organizations have at their disposal to deal with risks associated with the IT field.
430 W5 DQ1
Briefly describe the purpose and application of the Risk Management Framework. How does this differ from the Cyber Security Framework? Which would you recommend and why?
Reply to responses.
Please read before replying to responses. 100-150 words.
Response Requirements
Reminder, each response must be a paragraph which is seven sentences. In addition, I am reminding all students not to lose points moving forward, that the responses for participation need to follow the ABC method. Acknowledge what your classmate has said, build on the content (do not just state, I agree with how you said this, or I like how you said that), and close with a question (an open-ended question). You may send me a message in the private forum with any questions. You must have supporting in-text citations and references to support your discussions posts. Blessings with wisdom and academic growth! Cheers, Professor Ligon Blessings and prayers…
A Aaron
Evening,
The Risk Management Framework (RMF) was first intended for federal agencies but soon was adopted by organization that were in the private sector. A business can’t operate with out exposing themselves to so sort of risks like IT problems, Litigation and Loss of Capitol (Posey, 2021). The RMF is made up of five components, that are Identification, Measurement and Assessment, Mitigation, Reporting and Monitoring, and Governance. The Identification stage is to identify the risks that an organization might have, and this process is not a one-time thing as these risks might change over time. Measurement and assessment are when you create a risk profile for each that was identified in the first step and the measurement can be in the form of how much capital could be lost. Mitigation is by examining the risks and determining which risks should be eliminated and which risks are acceptable. Reporting and monitoring involves reexamining the risks to make sure the mitigation strategies the organization have adopted are serving their purposes. Governance is the process of making sure the adoption of the mitigation strategies is in place and that the employees are following the policies. RMF is more targeted towards the federal government and CSF was originally developed for critical infrastructure but has been recommended for use in organizations. CSF is aimed towards the private sector more than the federal government and does not have any Authorizing Officials (AOs) or an Authority to Operate (ATO) which RMF has ATOs to determine the authorized periods required for approval by and AO. NIST recommends that the CSF be used to strengthen the RMF. I would say that I would use the RMF to first get the framework in place then start implementing the CSF. Both of the frameworks have two entirely different end goals.
Posey, B. (2021) What is risk management and why is it important? Retrieved from
https://www.techtarget.com/searchcio/definition/Risk-Management-Framework-RMF#:
~:text=The%20Risk%20Management%20Framework%20is,of%20the%20United%20States%20government
.
430 W5 DQ1 RESPONSES CONTINUATION
Please read before replying to responses. 100-150 words.
Response Requirements
Reminder, each response must be a paragraph which is seven sentences. In addition, I am reminding all students not to lose points moving forward, that the responses for participation need to follow the ABC method. Acknowledge what your classmate has said, build on the content (do not just state, I agree with how you said this, or I like how you said that), and close with a question (an open-ended question). You may send me a message in the private forum with any questions. You must have supporting in-text citations and references to support your discussions posts. Blessings with wisdom and academic growth! Cheers, Professor Ligon Blessings and prayers…
B Cody
Hello everyone,
“The Risk Management Framework is a template and guideline used by companies to identify, eliminate and minimize risks. It was originally developed by the National Institute of Standards and Technology to help protect the information systems of the United States government” (Posey, 2021). The Risk Management Framework is simply used periodically to identify and organize risks to an organization. The National Institute of Standards and Technology also created the Cybersecurity Framework. “The Framework integrates industry standards and best practices to help organizations manage their cybersecurity risks” (Swenson, 2022). These are very similar in that they both were created by NIST to help organizations identify, categorize, and to help mitigate risks but they are different in that The Risk Management Framework deals with more overarching risks regarding organizations and the Cybersecurity Framework deals only specifically with cybersecurity threats. I would recommend for an organization to use all of these frameworks since the Cybersecurity Framework would deal with cybersecurity threats and the RMF would cover strategic, legal, operational, and privacy risks.
C Jacob
Good evening Professor Ligon and class,
Risk Management Framework (RMF) is an established set of components (Identification, Measurement and Assessment, Mitigation, Reporting and Monitoring, and Governance) and steps (Prepare, Categorize, Select, Implement, Assess, Authorize, and Monitor) that help companies to identify, eliminate, and minimize risks. These guidelines were originally created by the National Institute of Standards and Technology (NIST) to help protect information systems within the U.S. “Businesses cannot exist without exposing themselves to risks such as IT problems, litigation, and loss of capital” (Posey, 2021). No risk can be totally gotten rid of, there will always be a need for risks. All we can do is mitigate them. This concept benefits businesses by minimizing the risks that are out there which in end lowers the legal spotlight and increases profits.
Cyber Security Framework (CSF) and RMF are often mixed around when IT professionals are discussing them. When RMF was originally created by NIST, its target audience was the federal government. This is still true today, although private organizations have seen the benefits of RMF and have started to incorporate the guideline into their IT plans. CSF has been created for more critical infrastructures, such as transportation or public utilities. CSF is also suitable for an “Organization of any size, degree of cybersecurity risk, or cybersecurity sophistication” (Webb, 2017). CSF has not been created to replace RMF, it is another tool that organizations have at their disposal to deal with risks associated with the IT field.
430 W5 DQ1
Briefly describe the purpose and application of the Risk Management Framework. How does this differ from the Cyber Security Framework? Which would you recommend and why?
Reply to responses.
Please read before replying to responses. 100-150 words.
Response Requirements
Reminder, each response must be a paragraph which is seven sentences. In addition, I am reminding all students not to lose points moving forward, that the responses for participation need to follow the ABC method. Acknowledge what your classmate has said, build on the content (do not just state, I agree with how you said this, or I like how you said that), and close with a question (an open-ended question). You may send me a message in the private forum with any questions. You must have supporting in-text citations and references to support your discussions posts. Blessings with wisdom and academic growth! Cheers, Professor Ligon Blessings and prayers…
A Aaron
Evening,
The Risk Management Framework (RMF) was first intended for federal agencies but soon was adopted by organization that were in the private sector. A business can’t operate with out exposing themselves to so sort of risks like IT problems, Litigation and Loss of Capitol (Posey, 2021). The RMF is made up of five components, that are Identification, Measurement and Assessment, Mitigation, Reporting and Monitoring, and Governance. The Identification stage is to identify the risks that an organization might have, and this process is not a one-time thing as these risks might change over time. Measurement and assessment are when you create a risk profile for each that was identified in the first step and the measurement can be in the form of how much capital could be lost. Mitigation is by examining the risks and determining which risks should be eliminated and which risks are acceptable. Reporting and monitoring involves reexamining the risks to make sure the mitigation strategies the organization have adopted are serving their purposes. Governance is the process of making sure the adoption of the mitigation strategies is in place and that the employees are following the policies. RMF is more targeted towards the federal government and CSF was originally developed for critical infrastructure but has been recommended for use in organizations. CSF is aimed towards the private sector more than the federal government and does not have any Authorizing Officials (AOs) or an Authority to Operate (ATO) which RMF has ATOs to determine the authorized periods required for approval by and AO. NIST recommends that the CSF be used to strengthen the RMF. I would say that I would use the RMF to first get the framework in place then start implementing the CSF. Both of the frameworks have two entirely different end goals.
Posey, B. (2021) What is risk management and why is it important? Retrieved from
https://www.techtarget.com/searchcio/definition/Risk-Management-Framework-RMF#:
~:text=The%20Risk%20Management%20Framework%20is,of%20the%20United%20States%20government
.
430 W5 DQ1 RESPONSES CONTINUATION
Please read before replying to responses. 100-150 words.
Response Requirements
Reminder, each response must be a paragraph which is seven sentences. In addition, I am reminding all students not to lose points moving forward, that the responses for participation need to follow the ABC method. Acknowledge what your classmate has said, build on the content (do not just state, I agree with how you said this, or I like how you said that), and close with a question (an open-ended question). You may send me a message in the private forum with any questions. You must have supporting in-text citations and references to support your discussions posts. Blessings with wisdom and academic growth! Cheers, Professor Ligon Blessings and prayers…
B Cody
Hello everyone,
“The Risk Management Framework is a template and guideline used by companies to identify, eliminate and minimize risks. It was originally developed by the National Institute of Standards and Technology to help protect the information systems of the United States government” (Posey, 2021). The Risk Management Framework is simply used periodically to identify and organize risks to an organization. The National Institute of Standards and Technology also created the Cybersecurity Framework. “The Framework integrates industry standards and best practices to help organizations manage their cybersecurity risks” (Swenson, 2022). These are very similar in that they both were created by NIST to help organizations identify, categorize, and to help mitigate risks but they are different in that The Risk Management Framework deals with more overarching risks regarding organizations and the Cybersecurity Framework deals only specifically with cybersecurity threats. I would recommend for an organization to use all of these frameworks since the Cybersecurity Framework would deal with cybersecurity threats and the RMF would cover strategic, legal, operational, and privacy risks.
C Jacob
Good evening Professor Ligon and class,
Risk Management Framework (RMF) is an established set of components (Identification, Measurement and Assessment, Mitigation, Reporting and Monitoring, and Governance) and steps (Prepare, Categorize, Select, Implement, Assess, Authorize, and Monitor) that help companies to identify, eliminate, and minimize risks. These guidelines were originally created by the National Institute of Standards and Technology (NIST) to help protect information systems within the U.S. “Businesses cannot exist without exposing themselves to risks such as IT problems, litigation, and loss of capital” (Posey, 2021). No risk can be totally gotten rid of, there will always be a need for risks. All we can do is mitigate them. This concept benefits businesses by minimizing the risks that are out there which in end lowers the legal spotlight and increases profits.
Cyber Security Framework (CSF) and RMF are often mixed around when IT professionals are discussing them. When RMF was originally created by NIST, its target audience was the federal government. This is still true today, although private organizations have seen the benefits of RMF and have started to incorporate the guideline into their IT plans. CSF has been created for more critical infrastructures, such as transportation or public utilities. CSF is also suitable for an “Organization of any size, degree of cybersecurity risk, or cybersecurity sophistication” (Webb, 2017). CSF has not been created to replace RMF, it is another tool that organizations have at their disposal to deal with risks associated with the IT field.
430 W5 DQ1
Briefly describe the purpose and application of the Risk Management Framework. How does this differ from the Cyber Security Framework? Which would you recommend and why?
Reply to responses.
Please read before replying to responses. 100-150 words.
Response Requirements
Reminder, each response must be a paragraph which is seven sentences. In addition, I am reminding all students not to lose points moving forward, that the responses for participation need to follow the ABC method. Acknowledge what your classmate has said, build on the content (do not just state, I agree with how you said this, or I like how you said that), and close with a question (an open-ended question). You may send me a message in the private forum with any questions. You must have supporting in-text citations and references to support your discussions posts. Blessings with wisdom and academic growth! Cheers, Professor Ligon Blessings and prayers…
A Aaron
Evening,
The Risk Management Framework (RMF) was first intended for federal agencies but soon was adopted by organization that were in the private sector. A business can’t operate with out exposing themselves to so sort of risks like IT problems, Litigation and Loss of Capitol (Posey, 2021). The RMF is made up of five components, that are Identification, Measurement and Assessment, Mitigation, Reporting and Monitoring, and Governance. The Identification stage is to identify the risks that an organization might have, and this process is not a one-time thing as these risks might change over time. Measurement and assessment are when you create a risk profile for each that was identified in the first step and the measurement can be in the form of how much capital could be lost. Mitigation is by examining the risks and determining which risks should be eliminated and which risks are acceptable. Reporting and monitoring involves reexamining the risks to make sure the mitigation strategies the organization have adopted are serving their purposes. Governance is the process of making sure the adoption of the mitigation strategies is in place and that the employees are following the policies. RMF is more targeted towards the federal government and CSF was originally developed for critical infrastructure but has been recommended for use in organizations. CSF is aimed towards the private sector more than the federal government and does not have any Authorizing Officials (AOs) or an Authority to Operate (ATO) which RMF has ATOs to determine the authorized periods required for approval by and AO. NIST recommends that the CSF be used to strengthen the RMF. I would say that I would use the RMF to first get the framework in place then start implementing the CSF. Both of the frameworks have two entirely different end goals.
Posey, B. (2021) What is risk management and why is it important? Retrieved from
https://www.techtarget.com/searchcio/definition/Risk-Management-Framework-RMF#:
~:text=The%20Risk%20Management%20Framework%20is,of%20the%20United%20States%20government
.
430 W5 DQ1 RESPONSES CONTINUATION
Please read before replying to responses. 100-150 words.
Response Requirements
Reminder, each response must be a paragraph which is seven sentences. In addition, I am reminding all students not to lose points moving forward, that the responses for participation need to follow the ABC method. Acknowledge what your classmate has said, build on the content (do not just state, I agree with how you said this, or I like how you said that), and close with a question (an open-ended question). You may send me a message in the private forum with any questions. You must have supporting in-text citations and references to support your discussions posts. Blessings with wisdom and academic growth! Cheers, Professor Ligon Blessings and prayers…
B Cody
Hello everyone,
“The Risk Management Framework is a template and guideline used by companies to identify, eliminate and minimize risks. It was originally developed by the National Institute of Standards and Technology to help protect the information systems of the United States government” (Posey, 2021). The Risk Management Framework is simply used periodically to identify and organize risks to an organization. The National Institute of Standards and Technology also created the Cybersecurity Framework. “The Framework integrates industry standards and best practices to help organizations manage their cybersecurity risks” (Swenson, 2022). These are very similar in that they both were created by NIST to help organizations identify, categorize, and to help mitigate risks but they are different in that The Risk Management Framework deals with more overarching risks regarding organizations and the Cybersecurity Framework deals only specifically with cybersecurity threats. I would recommend for an organization to use all of these frameworks since the Cybersecurity Framework would deal with cybersecurity threats and the RMF would cover strategic, legal, operational, and privacy risks.
C Jacob
Good evening Professor Ligon and class,
Risk Management Framework (RMF) is an established set of components (Identification, Measurement and Assessment, Mitigation, Reporting and Monitoring, and Governance) and steps (Prepare, Categorize, Select, Implement, Assess, Authorize, and Monitor) that help companies to identify, eliminate, and minimize risks. These guidelines were originally created by the National Institute of Standards and Technology (NIST) to help protect information systems within the U.S. “Businesses cannot exist without exposing themselves to risks such as IT problems, litigation, and loss of capital” (Posey, 2021). No risk can be totally gotten rid of, there will always be a need for risks. All we can do is mitigate them. This concept benefits businesses by minimizing the risks that are out there which in end lowers the legal spotlight and increases profits.
Cyber Security Framework (CSF) and RMF are often mixed around when IT professionals are discussing them. When RMF was originally created by NIST, its target audience was the federal government. This is still true today, although private organizations have seen the benefits of RMF and have started to incorporate the guideline into their IT plans. CSF has been created for more critical infrastructures, such as transportation or public utilities. CSF is also suitable for an “Organization of any size, degree of cybersecurity risk, or cybersecurity sophistication” (Webb, 2017). CSF has not been created to replace RMF, it is another tool that organizations have at their disposal to deal with risks associated with the IT field.
430 W5 DQ1
Briefly describe the purpose and application of the Risk Management Framework. How does this differ from the Cyber Security Framework? Which would you recommend and why?
Reply to responses.
Please read before replying to responses. 100-150 words.
Response Requirements
Reminder, each response must be a paragraph which is seven sentences. In addition, I am reminding all students not to lose points moving forward, that the responses for participation need to follow the ABC method. Acknowledge what your classmate has said, build on the content (do not just state, I agree with how you said this, or I like how you said that), and close with a question (an open-ended question). You may send me a message in the private forum with any questions. You must have supporting in-text citations and references to support your discussions posts. Blessings with wisdom and academic growth! Cheers, Professor Ligon Blessings and prayers…
A Aaron
Evening,
The Risk Management Framework (RMF) was first intended for federal agencies but soon was adopted by organization that were in the private sector. A business can’t operate with out exposing themselves to so sort of risks like IT problems, Litigation and Loss of Capitol (Posey, 2021). The RMF is made up of five components, that are Identification, Measurement and Assessment, Mitigation, Reporting and Monitoring, and Governance. The Identification stage is to identify the risks that an organization might have, and this process is not a one-time thing as these risks might change over time. Measurement and assessment are when you create a risk profile for each that was identified in the first step and the measurement can be in the form of how much capital could be lost. Mitigation is by examining the risks and determining which risks should be eliminated and which risks are acceptable. Reporting and monitoring involves reexamining the risks to make sure the mitigation strategies the organization have adopted are serving their purposes. Governance is the process of making sure the adoption of the mitigation strategies is in place and that the employees are following the policies. RMF is more targeted towards the federal government and CSF was originally developed for critical infrastructure but has been recommended for use in organizations. CSF is aimed towards the private sector more than the federal government and does not have any Authorizing Officials (AOs) or an Authority to Operate (ATO) which RMF has ATOs to determine the authorized periods required for approval by and AO. NIST recommends that the CSF be used to strengthen the RMF. I would say that I would use the RMF to first get the framework in place then start implementing the CSF. Both of the frameworks have two entirely different end goals.
Posey, B. (2021) What is risk management and why is it important? Retrieved from
https://www.techtarget.com/searchcio/definition/Risk-Management-Framework-RMF#:
~:text=The%20Risk%20Management%20Framework%20is,of%20the%20United%20States%20government
.
430 W5 DQ1 RESPONSES CONTINUATION
Please read before replying to responses. 100-150 words.
Response Requirements
Reminder, each response must be a paragraph which is seven sentences. In addition, I am reminding all students not to lose points moving forward, that the responses for participation need to follow the ABC method. Acknowledge what your classmate has said, build on the content (do not just state, I agree with how you said this, or I like how you said that), and close with a question (an open-ended question). You may send me a message in the private forum with any questions. You must have supporting in-text citations and references to support your discussions posts. Blessings with wisdom and academic growth! Cheers, Professor Ligon Blessings and prayers…
B Cody
Hello everyone,
“The Risk Management Framework is a template and guideline used by companies to identify, eliminate and minimize risks. It was originally developed by the National Institute of Standards and Technology to help protect the information systems of the United States government” (Posey, 2021). The Risk Management Framework is simply used periodically to identify and organize risks to an organization. The National Institute of Standards and Technology also created the Cybersecurity Framework. “The Framework integrates industry standards and best practices to help organizations manage their cybersecurity risks” (Swenson, 2022). These are very similar in that they both were created by NIST to help organizations identify, categorize, and to help mitigate risks but they are different in that The Risk Management Framework deals with more overarching risks regarding organizations and the Cybersecurity Framework deals only specifically with cybersecurity threats. I would recommend for an organization to use all of these frameworks since the Cybersecurity Framework would deal with cybersecurity threats and the RMF would cover strategic, legal, operational, and privacy risks.
C Jacob
Good evening Professor Ligon and class,
Risk Management Framework (RMF) is an established set of components (Identification, Measurement and Assessment, Mitigation, Reporting and Monitoring, and Governance) and steps (Prepare, Categorize, Select, Implement, Assess, Authorize, and Monitor) that help companies to identify, eliminate, and minimize risks. These guidelines were originally created by the National Institute of Standards and Technology (NIST) to help protect information systems within the U.S. “Businesses cannot exist without exposing themselves to risks such as IT problems, litigation, and loss of capital” (Posey, 2021). No risk can be totally gotten rid of, there will always be a need for risks. All we can do is mitigate them. This concept benefits businesses by minimizing the risks that are out there which in end lowers the legal spotlight and increases profits.
Cyber Security Framework (CSF) and RMF are often mixed around when IT professionals are discussing them. When RMF was originally created by NIST, its target audience was the federal government. This is still true today, although private organizations have seen the benefits of RMF and have started to incorporate the guideline into their IT plans. CSF has been created for more critical infrastructures, such as transportation or public utilities. CSF is also suitable for an “Organization of any size, degree of cybersecurity risk, or cybersecurity sophistication” (Webb, 2017). CSF has not been created to replace RMF, it is another tool that organizations have at their disposal to deal with risks associated with the IT field.
430 W5 DQ1
Briefly describe the purpose and application of the Risk Management Framework. How does this differ from the Cyber Security Framework? Which would you recommend and why?
Reply to responses.
Please read before replying to responses. 100-150 words.
Response Requirements
Reminder, each response must be a paragraph which is seven sentences. In addition, I am reminding all students not to lose points moving forward, that the responses for participation need to follow the ABC method. Acknowledge what your classmate has said, build on the content (do not just state, I agree with how you said this, or I like how you said that), and close with a question (an open-ended question). You may send me a message in the private forum with any questions. You must have supporting in-text citations and references to support your discussions posts. Blessings with wisdom and academic growth! Cheers, Professor Ligon Blessings and prayers…
A Aaron
Evening,
The Risk Management Framework (RMF) was first intended for federal agencies but soon was adopted by organization that were in the private sector. A business can’t operate with out exposing themselves to so sort of risks like IT problems, Litigation and Loss of Capitol (Posey, 2021). The RMF is made up of five components, that are Identification, Measurement and Assessment, Mitigation, Reporting and Monitoring, and Governance. The Identification stage is to identify the risks that an organization might have, and this process is not a one-time thing as these risks might change over time. Measurement and assessment are when you create a risk profile for each that was identified in the first step and the measurement can be in the form of how much capital could be lost. Mitigation is by examining the risks and determining which risks should be eliminated and which risks are acceptable. Reporting and monitoring involves reexamining the risks to make sure the mitigation strategies the organization have adopted are serving their purposes. Governance is the process of making sure the adoption of the mitigation strategies is in place and that the employees are following the policies. RMF is more targeted towards the federal government and CSF was originally developed for critical infrastructure but has been recommended for use in organizations. CSF is aimed towards the private sector more than the federal government and does not have any Authorizing Officials (AOs) or an Authority to Operate (ATO) which RMF has ATOs to determine the authorized periods required for approval by and AO. NIST recommends that the CSF be used to strengthen the RMF. I would say that I would use the RMF to first get the framework in place then start implementing the CSF. Both of the frameworks have two entirely different end goals.
Posey, B. (2021) What is risk management and why is it important? Retrieved from
https://www.techtarget.com/searchcio/definition/Risk-Management-Framework-RMF#:
~:text=The%20Risk%20Management%20Framework%20is,of%20the%20United%20States%20government
.
430 W5 DQ1 RESPONSES CONTINUATION
Please read before replying to responses. 100-150 words.
Response Requirements
Reminder, each response must be a paragraph which is seven sentences. In addition, I am reminding all students not to lose points moving forward, that the responses for participation need to follow the ABC method. Acknowledge what your classmate has said, build on the content (do not just state, I agree with how you said this, or I like how you said that), and close with a question (an open-ended question). You may send me a message in the private forum with any questions. You must have supporting in-text citations and references to support your discussions posts. Blessings with wisdom and academic growth! Cheers, Professor Ligon Blessings and prayers…
B Cody
Hello everyone,
“The Risk Management Framework is a template and guideline used by companies to identify, eliminate and minimize risks. It was originally developed by the National Institute of Standards and Technology to help protect the information systems of the United States government” (Posey, 2021). The Risk Management Framework is simply used periodically to identify and organize risks to an organization. The National Institute of Standards and Technology also created the Cybersecurity Framework. “The Framework integrates industry standards and best practices to help organizations manage their cybersecurity risks” (Swenson, 2022). These are very similar in that they both were created by NIST to help organizations identify, categorize, and to help mitigate risks but they are different in that The Risk Management Framework deals with more overarching risks regarding organizations and the Cybersecurity Framework deals only specifically with cybersecurity threats. I would recommend for an organization to use all of these frameworks since the Cybersecurity Framework would deal with cybersecurity threats and the RMF would cover strategic, legal, operational, and privacy risks.
C Jacob
Good evening Professor Ligon and class,
Risk Management Framework (RMF) is an established set of components (Identification, Measurement and Assessment, Mitigation, Reporting and Monitoring, and Governance) and steps (Prepare, Categorize, Select, Implement, Assess, Authorize, and Monitor) that help companies to identify, eliminate, and minimize risks. These guidelines were originally created by the National Institute of Standards and Technology (NIST) to help protect information systems within the U.S. “Businesses cannot exist without exposing themselves to risks such as IT problems, litigation, and loss of capital” (Posey, 2021). No risk can be totally gotten rid of, there will always be a need for risks. All we can do is mitigate them. This concept benefits businesses by minimizing the risks that are out there which in end lowers the legal spotlight and increases profits.
Cyber Security Framework (CSF) and RMF are often mixed around when IT professionals are discussing them. When RMF was originally created by NIST, its target audience was the federal government. This is still true today, although private organizations have seen the benefits of RMF and have started to incorporate the guideline into their IT plans. CSF has been created for more critical infrastructures, such as transportation or public utilities. CSF is also suitable for an “Organization of any size, degree of cybersecurity risk, or cybersecurity sophistication” (Webb, 2017). CSF has not been created to replace RMF, it is another tool that organizations have at their disposal to deal with risks associated with the IT field.
430 W5 DQ1
Briefly describe the purpose and application of the Risk Management Framework. How does this differ from the Cyber Security Framework? Which would you recommend and why?
Reply to responses.
Please read before replying to responses. 100-150 words.
Response Requirements
Reminder, each response must be a paragraph which is seven sentences. In addition, I am reminding all students not to lose points moving forward, that the responses for participation need to follow the ABC method. Acknowledge what your classmate has said, build on the content (do not just state, I agree with how you said this, or I like how you said that), and close with a question (an open-ended question). You may send me a message in the private forum with any questions. You must have supporting in-text citations and references to support your discussions posts. Blessings with wisdom and academic growth! Cheers, Professor Ligon Blessings and prayers…
A Aaron
Evening,
The Risk Management Framework (RMF) was first intended for federal agencies but soon was adopted by organization that were in the private sector. A business can’t operate with out exposing themselves to so sort of risks like IT problems, Litigation and Loss of Capitol (Posey, 2021). The RMF is made up of five components, that are Identification, Measurement and Assessment, Mitigation, Reporting and Monitoring, and Governance. The Identification stage is to identify the risks that an organization might have, and this process is not a one-time thing as these risks might change over time. Measurement and assessment are when you create a risk profile for each that was identified in the first step and the measurement can be in the form of how much capital could be lost. Mitigation is by examining the risks and determining which risks should be eliminated and which risks are acceptable. Reporting and monitoring involves reexamining the risks to make sure the mitigation strategies the organization have adopted are serving their purposes. Governance is the process of making sure the adoption of the mitigation strategies is in place and that the employees are following the policies. RMF is more targeted towards the federal government and CSF was originally developed for critical infrastructure but has been recommended for use in organizations. CSF is aimed towards the private sector more than the federal government and does not have any Authorizing Officials (AOs) or an Authority to Operate (ATO) which RMF has ATOs to determine the authorized periods required for approval by and AO. NIST recommends that the CSF be used to strengthen the RMF. I would say that I would use the RMF to first get the framework in place then start implementing the CSF. Both of the frameworks have two entirely different end goals.
Posey, B. (2021) What is risk management and why is it important? Retrieved from
https://www.techtarget.com/searchcio/definition/Risk-Management-Framework-RMF#:
~:text=The%20Risk%20Management%20Framework%20is,of%20the%20United%20States%20government
.
430 W5 DQ1 RESPONSES CONTINUATION
Please read before replying to responses. 100-150 words.
Response Requirements
Reminder, each response must be a paragraph which is seven sentences. In addition, I am reminding all students not to lose points moving forward, that the responses for participation need to follow the ABC method. Acknowledge what your classmate has said, build on the content (do not just state, I agree with how you said this, or I like how you said that), and close with a question (an open-ended question). You may send me a message in the private forum with any questions. You must have supporting in-text citations and references to support your discussions posts. Blessings with wisdom and academic growth! Cheers, Professor Ligon Blessings and prayers…
B Cody
Hello everyone,
“The Risk Management Framework is a template and guideline used by companies to identify, eliminate and minimize risks. It was originally developed by the National Institute of Standards and Technology to help protect the information systems of the United States government” (Posey, 2021). The Risk Management Framework is simply used periodically to identify and organize risks to an organization. The National Institute of Standards and Technology also created the Cybersecurity Framework. “The Framework integrates industry standards and best practices to help organizations manage their cybersecurity risks” (Swenson, 2022). These are very similar in that they both were created by NIST to help organizations identify, categorize, and to help mitigate risks but they are different in that The Risk Management Framework deals with more overarching risks regarding organizations and the Cybersecurity Framework deals only specifically with cybersecurity threats. I would recommend for an organization to use all of these frameworks since the Cybersecurity Framework would deal with cybersecurity threats and the RMF would cover strategic, legal, operational, and privacy risks.
C Jacob
Good evening Professor Ligon and class,
Risk Management Framework (RMF) is an established set of components (Identification, Measurement and Assessment, Mitigation, Reporting and Monitoring, and Governance) and steps (Prepare, Categorize, Select, Implement, Assess, Authorize, and Monitor) that help companies to identify, eliminate, and minimize risks. These guidelines were originally created by the National Institute of Standards and Technology (NIST) to help protect information systems within the U.S. “Businesses cannot exist without exposing themselves to risks such as IT problems, litigation, and loss of capital” (Posey, 2021). No risk can be totally gotten rid of, there will always be a need for risks. All we can do is mitigate them. This concept benefits businesses by minimizing the risks that are out there which in end lowers the legal spotlight and increases profits.
Cyber Security Framework (CSF) and RMF are often mixed around when IT professionals are discussing them. When RMF was originally created by NIST, its target audience was the federal government. This is still true today, although private organizations have seen the benefits of RMF and have started to incorporate the guideline into their IT plans. CSF has been created for more critical infrastructures, such as transportation or public utilities. CSF is also suitable for an “Organization of any size, degree of cybersecurity risk, or cybersecurity sophistication” (Webb, 2017). CSF has not been created to replace RMF, it is another tool that organizations have at their disposal to deal with risks associated with the IT field.
430 W5 DQ1
Briefly describe the purpose and application of the Risk Management Framework. How does this differ from the Cyber Security Framework? Which would you recommend and why?
Reply to responses.
Please read before replying to responses. 100-150 words.
Response Requirements
Reminder, each response must be a paragraph which is seven sentences. In addition, I am reminding all students not to lose points moving forward, that the responses for participation need to follow the ABC method. Acknowledge what your classmate has said, build on the content (do not just state, I agree with how you said this, or I like how you said that), and close with a question (an open-ended question). You may send me a message in the private forum with any questions. You must have supporting in-text citations and references to support your discussions posts. Blessings with wisdom and academic growth! Cheers, Professor Ligon Blessings and prayers…
A Aaron
Evening,
The Risk Management Framework (RMF) was first intended for federal agencies but soon was adopted by organization that were in the private sector. A business can’t operate with out exposing themselves to so sort of risks like IT problems, Litigation and Loss of Capitol (Posey, 2021). The RMF is made up of five components, that are Identification, Measurement and Assessment, Mitigation, Reporting and Monitoring, and Governance. The Identification stage is to identify the risks that an organization might have, and this process is not a one-time thing as these risks might change over time. Measurement and assessment are when you create a risk profile for each that was identified in the first step and the measurement can be in the form of how much capital could be lost. Mitigation is by examining the risks and determining which risks should be eliminated and which risks are acceptable. Reporting and monitoring involves reexamining the risks to make sure the mitigation strategies the organization have adopted are serving their purposes. Governance is the process of making sure the adoption of the mitigation strategies is in place and that the employees are following the policies. RMF is more targeted towards the federal government and CSF was originally developed for critical infrastructure but has been recommended for use in organizations. CSF is aimed towards the private sector more than the federal government and does not have any Authorizing Officials (AOs) or an Authority to Operate (ATO) which RMF has ATOs to determine the authorized periods required for approval by and AO. NIST recommends that the CSF be used to strengthen the RMF. I would say that I would use the RMF to first get the framework in place then start implementing the CSF. Both of the frameworks have two entirely different end goals.
Posey, B. (2021) What is risk management and why is it important? Retrieved from
https://www.techtarget.com/searchcio/definition/Risk-Management-Framework-RMF#:
~:text=The%20Risk%20Management%20Framework%20is,of%20the%20United%20States%20government
.
430 W5 DQ1 RESPONSES CONTINUATION
Please read before replying to responses. 100-150 words.
Response Requirements
Reminder, each response must be a paragraph which is seven sentences. In addition, I am reminding all students not to lose points moving forward, that the responses for participation need to follow the ABC method. Acknowledge what your classmate has said, build on the content (do not just state, I agree with how you said this, or I like how you said that), and close with a question (an open-ended question). You may send me a message in the private forum with any questions. You must have supporting in-text citations and references to support your discussions posts. Blessings with wisdom and academic growth! Cheers, Professor Ligon Blessings and prayers…
B Cody
Hello everyone,
“The Risk Management Framework is a template and guideline used by companies to identify, eliminate and minimize risks. It was originally developed by the National Institute of Standards and Technology to help protect the information systems of the United States government” (Posey, 2021). The Risk Management Framework is simply used periodically to identify and organize risks to an organization. The National Institute of Standards and Technology also created the Cybersecurity Framework. “The Framework integrates industry standards and best practices to help organizations manage their cybersecurity risks” (Swenson, 2022). These are very similar in that they both were created by NIST to help organizations identify, categorize, and to help mitigate risks but they are different in that The Risk Management Framework deals with more overarching risks regarding organizations and the Cybersecurity Framework deals only specifically with cybersecurity threats. I would recommend for an organization to use all of these frameworks since the Cybersecurity Framework would deal with cybersecurity threats and the RMF would cover strategic, legal, operational, and privacy risks.
C Jacob
Good evening Professor Ligon and class,
Risk Management Framework (RMF) is an established set of components (Identification, Measurement and Assessment, Mitigation, Reporting and Monitoring, and Governance) and steps (Prepare, Categorize, Select, Implement, Assess, Authorize, and Monitor) that help companies to identify, eliminate, and minimize risks. These guidelines were originally created by the National Institute of Standards and Technology (NIST) to help protect information systems within the U.S. “Businesses cannot exist without exposing themselves to risks such as IT problems, litigation, and loss of capital” (Posey, 2021). No risk can be totally gotten rid of, there will always be a need for risks. All we can do is mitigate them. This concept benefits businesses by minimizing the risks that are out there which in end lowers the legal spotlight and increases profits.
Cyber Security Framework (CSF) and RMF are often mixed around when IT professionals are discussing them. When RMF was originally created by NIST, its target audience was the federal government. This is still true today, although private organizations have seen the benefits of RMF and have started to incorporate the guideline into their IT plans. CSF has been created for more critical infrastructures, such as transportation or public utilities. CSF is also suitable for an “Organization of any size, degree of cybersecurity risk, or cybersecurity sophistication” (Webb, 2017). CSF has not been created to replace RMF, it is another tool that organizations have at their disposal to deal with risks associated with the IT field.
430 W5 DQ1
Briefly describe the purpose and application of the Risk Management Framework. How does this differ from the Cyber Security Framework? Which would you recommend and why?
Reply to responses.
Please read before replying to responses. 100-150 words.
Response Requirements
Reminder, each response must be a paragraph which is seven sentences. In addition, I am reminding all students not to lose points moving forward, that the responses for participation need to follow the ABC method. Acknowledge what your classmate has said, build on the content (do not just state, I agree with how you said this, or I like how you said that), and close with a question (an open-ended question). You may send me a message in the private forum with any questions. You must have supporting in-text citations and references to support your discussions posts. Blessings with wisdom and academic growth! Cheers, Professor Ligon Blessings and prayers…
A Aaron
Evening,
The Risk Management Framework (RMF) was first intended for federal agencies but soon was adopted by organization that were in the private sector. A business can’t operate with out exposing themselves to so sort of risks like IT problems, Litigation and Loss of Capitol (Posey, 2021). The RMF is made up of five components, that are Identification, Measurement and Assessment, Mitigation, Reporting and Monitoring, and Governance. The Identification stage is to identify the risks that an organization might have, and this process is not a one-time thing as these risks might change over time. Measurement and assessment are when you create a risk profile for each that was identified in the first step and the measurement can be in the form of how much capital could be lost. Mitigation is by examining the risks and determining which risks should be eliminated and which risks are acceptable. Reporting and monitoring involves reexamining the risks to make sure the mitigation strategies the organization have adopted are serving their purposes. Governance is the process of making sure the adoption of the mitigation strategies is in place and that the employees are following the policies. RMF is more targeted towards the federal government and CSF was originally developed for critical infrastructure but has been recommended for use in organizations. CSF is aimed towards the private sector more than the federal government and does not have any Authorizing Officials (AOs) or an Authority to Operate (ATO) which RMF has ATOs to determine the authorized periods required for approval by and AO. NIST recommends that the CSF be used to strengthen the RMF. I would say that I would use the RMF to first get the framework in place then start implementing the CSF. Both of the frameworks have two entirely different end goals.
Posey, B. (2021) What is risk management and why is it important? Retrieved from
https://www.techtarget.com/searchcio/definition/Risk-Management-Framework-RMF#:
~:text=The%20Risk%20Management%20Framework%20is,of%20the%20United%20States%20government
.
430 W5 DQ1 RESPONSES CONTINUATION
Please read before replying to responses. 100-150 words.
Response Requirements
Reminder, each response must be a paragraph which is seven sentences. In addition, I am reminding all students not to lose points moving forward, that the responses for participation need to follow the ABC method. Acknowledge what your classmate has said, build on the content (do not just state, I agree with how you said this, or I like how you said that), and close with a question (an open-ended question). You may send me a message in the private forum with any questions. You must have supporting in-text citations and references to support your discussions posts. Blessings with wisdom and academic growth! Cheers, Professor Ligon Blessings and prayers…
B Cody
Hello everyone,
“The Risk Management Framework is a template and guideline used by companies to identify, eliminate and minimize risks. It was originally developed by the National Institute of Standards and Technology to help protect the information systems of the United States government” (Posey, 2021). The Risk Management Framework is simply used periodically to identify and organize risks to an organization. The National Institute of Standards and Technology also created the Cybersecurity Framework. “The Framework integrates industry standards and best practices to help organizations manage their cybersecurity risks” (Swenson, 2022). These are very similar in that they both were created by NIST to help organizations identify, categorize, and to help mitigate risks but they are different in that The Risk Management Framework deals with more overarching risks regarding organizations and the Cybersecurity Framework deals only specifically with cybersecurity threats. I would recommend for an organization to use all of these frameworks since the Cybersecurity Framework would deal with cybersecurity threats and the RMF would cover strategic, legal, operational, and privacy risks.
C Jacob
Good evening Professor Ligon and class,
Risk Management Framework (RMF) is an established set of components (Identification, Measurement and Assessment, Mitigation, Reporting and Monitoring, and Governance) and steps (Prepare, Categorize, Select, Implement, Assess, Authorize, and Monitor) that help companies to identify, eliminate, and minimize risks. These guidelines were originally created by the National Institute of Standards and Technology (NIST) to help protect information systems within the U.S. “Businesses cannot exist without exposing themselves to risks such as IT problems, litigation, and loss of capital” (Posey, 2021). No risk can be totally gotten rid of, there will always be a need for risks. All we can do is mitigate them. This concept benefits businesses by minimizing the risks that are out there which in end lowers the legal spotlight and increases profits.
Cyber Security Framework (CSF) and RMF are often mixed around when IT professionals are discussing them. When RMF was originally created by NIST, its target audience was the federal government. This is still true today, although private organizations have seen the benefits of RMF and have started to incorporate the guideline into their IT plans. CSF has been created for more critical infrastructures, such as transportation or public utilities. CSF is also suitable for an “Organization of any size, degree of cybersecurity risk, or cybersecurity sophistication” (Webb, 2017). CSF has not been created to replace RMF, it is another tool that organizations have at their disposal to deal with risks associated with the IT field.
430 W5 DQ1
Briefly describe the purpose and application of the Risk Management Framework. How does this differ from the Cyber Security Framework? Which would you recommend and why?
Reply to responses.
Please read before replying to responses. 100-150 words.
Response Requirements
Reminder, each response must be a paragraph which is seven sentences. In addition, I am reminding all students not to lose points moving forward, that the responses for participation need to follow the ABC method. Acknowledge what your classmate has said, build on the content (do not just state, I agree with how you said this, or I like how you said that), and close with a question (an open-ended question). You may send me a message in the private forum with any questions. You must have supporting in-text citations and references to support your discussions posts. Blessings with wisdom and academic growth! Cheers, Professor Ligon Blessings and prayers…
A Aaron
Evening,
The Risk Management Framework (RMF) was first intended for federal agencies but soon was adopted by organization that were in the private sector. A business can’t operate with out exposing themselves to so sort of risks like IT problems, Litigation and Loss of Capitol (Posey, 2021). The RMF is made up of five components, that are Identification, Measurement and Assessment, Mitigation, Reporting and Monitoring, and Governance. The Identification stage is to identify the risks that an organization might have, and this process is not a one-time thing as these risks might change over time. Measurement and assessment are when you create a risk profile for each that was identified in the first step and the measurement can be in the form of how much capital could be lost. Mitigation is by examining the risks and determining which risks should be eliminated and which risks are acceptable. Reporting and monitoring involves reexamining the risks to make sure the mitigation strategies the organization have adopted are serving their purposes. Governance is the process of making sure the adoption of the mitigation strategies is in place and that the employees are following the policies. RMF is more targeted towards the federal government and CSF was originally developed for critical infrastructure but has been recommended for use in organizations. CSF is aimed towards the private sector more than the federal government and does not have any Authorizing Officials (AOs) or an Authority to Operate (ATO) which RMF has ATOs to determine the authorized periods required for approval by and AO. NIST recommends that the CSF be used to strengthen the RMF. I would say that I would use the RMF to first get the framework in place then start implementing the CSF. Both of the frameworks have two entirely different end goals.
Posey, B. (2021) What is risk management and why is it important? Retrieved from
https://www.techtarget.com/searchcio/definition/Risk-Management-Framework-RMF#:
~:text=The%20Risk%20Management%20Framework%20is,of%20the%20United%20States%20government
.
430 W5 DQ1 RESPONSES CONTINUATION
Please read before replying to responses. 100-150 words.
Response Requirements
Reminder, each response must be a paragraph which is seven sentences. In addition, I am reminding all students not to lose points moving forward, that the responses for participation need to follow the ABC method. Acknowledge what your classmate has said, build on the content (do not just state, I agree with how you said this, or I like how you said that), and close with a question (an open-ended question). You may send me a message in the private forum with any questions. You must have supporting in-text citations and references to support your discussions posts. Blessings with wisdom and academic growth! Cheers, Professor Ligon Blessings and prayers…
B Cody
Hello everyone,
“The Risk Management Framework is a template and guideline used by companies to identify, eliminate and minimize risks. It was originally developed by the National Institute of Standards and Technology to help protect the information systems of the United States government” (Posey, 2021). The Risk Management Framework is simply used periodically to identify and organize risks to an organization. The National Institute of Standards and Technology also created the Cybersecurity Framework. “The Framework integrates industry standards and best practices to help organizations manage their cybersecurity risks” (Swenson, 2022). These are very similar in that they both were created by NIST to help organizations identify, categorize, and to help mitigate risks but they are different in that The Risk Management Framework deals with more overarching risks regarding organizations and the Cybersecurity Framework deals only specifically with cybersecurity threats. I would recommend for an organization to use all of these frameworks since the Cybersecurity Framework would deal with cybersecurity threats and the RMF would cover strategic, legal, operational, and privacy risks.
C Jacob
Good evening Professor Ligon and class,
Risk Management Framework (RMF) is an established set of components (Identification, Measurement and Assessment, Mitigation, Reporting and Monitoring, and Governance) and steps (Prepare, Categorize, Select, Implement, Assess, Authorize, and Monitor) that help companies to identify, eliminate, and minimize risks. These guidelines were originally created by the National Institute of Standards and Technology (NIST) to help protect information systems within the U.S. “Businesses cannot exist without exposing themselves to risks such as IT problems, litigation, and loss of capital” (Posey, 2021). No risk can be totally gotten rid of, there will always be a need for risks. All we can do is mitigate them. This concept benefits businesses by minimizing the risks that are out there which in end lowers the legal spotlight and increases profits.
Cyber Security Framework (CSF) and RMF are often mixed around when IT professionals are discussing them. When RMF was originally created by NIST, its target audience was the federal government. This is still true today, although private organizations have seen the benefits of RMF and have started to incorporate the guideline into their IT plans. CSF has been created for more critical infrastructures, such as transportation or public utilities. CSF is also suitable for an “Organization of any size, degree of cybersecurity risk, or cybersecurity sophistication” (Webb, 2017). CSF has not been created to replace RMF, it is another tool that organizations have at their disposal to deal with risks associated with the IT field.
430 W5 DQ1
Briefly describe the purpose and application of the Risk Management Framework. How does this differ from the Cyber Security Framework? Which would you recommend and why?
Reply to responses.
Please read before replying to responses. 100-150 words.
Response Requirements
Reminder, each response must be a paragraph which is seven sentences. In addition, I am reminding all students not to lose points moving forward, that the responses for participation need to follow the ABC method. Acknowledge what your classmate has said, build on the content (do not just state, I agree with how you said this, or I like how you said that), and close with a question (an open-ended question). You may send me a message in the private forum with any questions. You must have supporting in-text citations and references to support your discussions posts. Blessings with wisdom and academic growth! Cheers, Professor Ligon Blessings and prayers…
A Aaron
Evening,
The Risk Management Framework (RMF) was first intended for federal agencies but soon was adopted by organization that were in the private sector. A business can’t operate with out exposing themselves to so sort of risks like IT problems, Litigation and Loss of Capitol (Posey, 2021). The RMF is made up of five components, that are Identification, Measurement and Assessment, Mitigation, Reporting and Monitoring, and Governance. The Identification stage is to identify the risks that an organization might have, and this process is not a one-time thing as these risks might change over time. Measurement and assessment are when you create a risk profile for each that was identified in the first step and the measurement can be in the form of how much capital could be lost. Mitigation is by examining the risks and determining which risks should be eliminated and which risks are acceptable. Reporting and monitoring involves reexamining the risks to make sure the mitigation strategies the organization have adopted are serving their purposes. Governance is the process of making sure the adoption of the mitigation strategies is in place and that the employees are following the policies. RMF is more targeted towards the federal government and CSF was originally developed for critical infrastructure but has been recommended for use in organizations. CSF is aimed towards the private sector more than the federal government and does not have any Authorizing Officials (AOs) or an Authority to Operate (ATO) which RMF has ATOs to determine the authorized periods required for approval by and AO. NIST recommends that the CSF be used to strengthen the RMF. I would say that I would use the RMF to first get the framework in place then start implementing the CSF. Both of the frameworks have two entirely different end goals.
Posey, B. (2021) What is risk management and why is it important? Retrieved from
https://www.techtarget.com/searchcio/definition/Risk-Management-Framework-RMF#:
~:text=The%20Risk%20Management%20Framework%20is,of%20the%20United%20States%20government
.
430 W5 DQ1 RESPONSES CONTINUATION
Please read before replying to responses. 100-150 words.
Response Requirements
Reminder, each response must be a paragraph which is seven sentences. In addition, I am reminding all students not to lose points moving forward, that the responses for participation need to follow the ABC method. Acknowledge what your classmate has said, build on the content (do not just state, I agree with how you said this, or I like how you said that), and close with a question (an open-ended question). You may send me a message in the private forum with any questions. You must have supporting in-text citations and references to support your discussions posts. Blessings with wisdom and academic growth! Cheers, Professor Ligon Blessings and prayers…
B Cody
Hello everyone,
“The Risk Management Framework is a template and guideline used by companies to identify, eliminate and minimize risks. It was originally developed by the National Institute of Standards and Technology to help protect the information systems of the United States government” (Posey, 2021). The Risk Management Framework is simply used periodically to identify and organize risks to an organization. The National Institute of Standards and Technology also created the Cybersecurity Framework. “The Framework integrates industry standards and best practices to help organizations manage their cybersecurity risks” (Swenson, 2022). These are very similar in that they both were created by NIST to help organizations identify, categorize, and to help mitigate risks but they are different in that The Risk Management Framework deals with more overarching risks regarding organizations and the Cybersecurity Framework deals only specifically with cybersecurity threats. I would recommend for an organization to use all of these frameworks since the Cybersecurity Framework would deal with cybersecurity threats and the RMF would cover strategic, legal, operational, and privacy risks.
C Jacob
Good evening Professor Ligon and class,
Risk Management Framework (RMF) is an established set of components (Identification, Measurement and Assessment, Mitigation, Reporting and Monitoring, and Governance) and steps (Prepare, Categorize, Select, Implement, Assess, Authorize, and Monitor) that help companies to identify, eliminate, and minimize risks. These guidelines were originally created by the National Institute of Standards and Technology (NIST) to help protect information systems within the U.S. “Businesses cannot exist without exposing themselves to risks such as IT problems, litigation, and loss of capital” (Posey, 2021). No risk can be totally gotten rid of, there will always be a need for risks. All we can do is mitigate them. This concept benefits businesses by minimizing the risks that are out there which in end lowers the legal spotlight and increases profits.
Cyber Security Framework (CSF) and RMF are often mixed around when IT professionals are discussing them. When RMF was originally created by NIST, its target audience was the federal government. This is still true today, although private organizations have seen the benefits of RMF and have started to incorporate the guideline into their IT plans. CSF has been created for more critical infrastructures, such as transportation or public utilities. CSF is also suitable for an “Organization of any size, degree of cybersecurity risk, or cybersecurity sophistication” (Webb, 2017). CSF has not been created to replace RMF, it is another tool that organizations have at their disposal to deal with risks associated with the IT field.
430 W5 DQ1
Briefly describe the purpose and application of the Risk Management Framework. How does this differ from the Cyber Security Framework? Which would you recommend and why?
Reply to responses.
Please read before replying to responses. 100-150 words.
Response Requirements
Reminder, each response must be a paragraph which is seven sentences. In addition, I am reminding all students not to lose points moving forward, that the responses for participation need to follow the ABC method. Acknowledge what your classmate has said, build on the content (do not just state, I agree with how you said this, or I like how you said that), and close with a question (an open-ended question). You may send me a message in the private forum with any questions. You must have supporting in-text citations and references to support your discussions posts. Blessings with wisdom and academic growth! Cheers, Professor Ligon Blessings and prayers…
A Aaron
Evening,
The Risk Management Framework (RMF) was first intended for federal agencies but soon was adopted by organization that were in the private sector. A business can’t operate with out exposing themselves to so sort of risks like IT problems, Litigation and Loss of Capitol (Posey, 2021). The RMF is made up of five components, that are Identification, Measurement and Assessment, Mitigation, Reporting and Monitoring, and Governance. The Identification stage is to identify the risks that an organization might have, and this process is not a one-time thing as these risks might change over time. Measurement and assessment are when you create a risk profile for each that was identified in the first step and the measurement can be in the form of how much capital could be lost. Mitigation is by examining the risks and determining which risks should be eliminated and which risks are acceptable. Reporting and monitoring involves reexamining the risks to make sure the mitigation strategies the organization have adopted are serving their purposes. Governance is the process of making sure the adoption of the mitigation strategies is in place and that the employees are following the policies. RMF is more targeted towards the federal government and CSF was originally developed for critical infrastructure but has been recommended for use in organizations. CSF is aimed towards the private sector more than the federal government and does not have any Authorizing Officials (AOs) or an Authority to Operate (ATO) which RMF has ATOs to determine the authorized periods required for approval by and AO. NIST recommends that the CSF be used to strengthen the RMF. I would say that I would use the RMF to first get the framework in place then start implementing the CSF. Both of the frameworks have two entirely different end goals.
Posey, B. (2021) What is risk management and why is it important? Retrieved from
https://www.techtarget.com/searchcio/definition/Risk-Management-Framework-RMF#:
~:text=The%20Risk%20Management%20Framework%20is,of%20the%20United%20States%20government
.
430 W5 DQ1 RESPONSES CONTINUATION
Please read before replying to responses. 100-150 words.
Response Requirements
Reminder, each response must be a paragraph which is seven sentences. In addition, I am reminding all students not to lose points moving forward, that the responses for participation need to follow the ABC method. Acknowledge what your classmate has said, build on the content (do not just state, I agree with how you said this, or I like how you said that), and close with a question (an open-ended question). You may send me a message in the private forum with any questions. You must have supporting in-text citations and references to support your discussions posts. Blessings with wisdom and academic growth! Cheers, Professor Ligon Blessings and prayers…
B Cody
Hello everyone,
“The Risk Management Framework is a template and guideline used by companies to identify, eliminate and minimize risks. It was originally developed by the National Institute of Standards and Technology to help protect the information systems of the United States government” (Posey, 2021). The Risk Management Framework is simply used periodically to identify and organize risks to an organization. The National Institute of Standards and Technology also created the Cybersecurity Framework. “The Framework integrates industry standards and best practices to help organizations manage their cybersecurity risks” (Swenson, 2022). These are very similar in that they both were created by NIST to help organizations identify, categorize, and to help mitigate risks but they are different in that The Risk Management Framework deals with more overarching risks regarding organizations and the Cybersecurity Framework deals only specifically with cybersecurity threats. I would recommend for an organization to use all of these frameworks since the Cybersecurity Framework would deal with cybersecurity threats and the RMF would cover strategic, legal, operational, and privacy risks.
C Jacob
Good evening Professor Ligon and class,
Risk Management Framework (RMF) is an established set of components (Identification, Measurement and Assessment, Mitigation, Reporting and Monitoring, and Governance) and steps (Prepare, Categorize, Select, Implement, Assess, Authorize, and Monitor) that help companies to identify, eliminate, and minimize risks. These guidelines were originally created by the National Institute of Standards and Technology (NIST) to help protect information systems within the U.S. “Businesses cannot exist without exposing themselves to risks such as IT problems, litigation, and loss of capital” (Posey, 2021). No risk can be totally gotten rid of, there will always be a need for risks. All we can do is mitigate them. This concept benefits businesses by minimizing the risks that are out there which in end lowers the legal spotlight and increases profits.
Cyber Security Framework (CSF) and RMF are often mixed around when IT professionals are discussing them. When RMF was originally created by NIST, its target audience was the federal government. This is still true today, although private organizations have seen the benefits of RMF and have started to incorporate the guideline into their IT plans. CSF has been created for more critical infrastructures, such as transportation or public utilities. CSF is also suitable for an “Organization of any size, degree of cybersecurity risk, or cybersecurity sophistication” (Webb, 2017). CSF has not been created to replace RMF, it is another tool that organizations have at their disposal to deal with risks associated with the IT field.
430 W5 DQ1
Briefly describe the purpose and application of the Risk Management Framework. How does this differ from the Cyber Security Framework? Which would you recommend and why?
Reply to responses.
Please read before replying to responses. 100-150 words.
Response Requirements
Reminder, each response must be a paragraph which is seven sentences. In addition, I am reminding all students not to lose points moving forward, that the responses for participation need to follow the ABC method. Acknowledge what your classmate has said, build on the content (do not just state, I agree with how you said this, or I like how you said that), and close with a question (an open-ended question). You may send me a message in the private forum with any questions. You must have supporting in-text citations and references to support your discussions posts. Blessings with wisdom and academic growth! Cheers, Professor Ligon Blessings and prayers…
A Aaron
Evening,
The Risk Management Framework (RMF) was first intended for federal agencies but soon was adopted by organization that were in the private sector. A business can’t operate with out exposing themselves to so sort of risks like IT problems, Litigation and Loss of Capitol (Posey, 2021). The RMF is made up of five components, that are Identification, Measurement and Assessment, Mitigation, Reporting and Monitoring, and Governance. The Identification stage is to identify the risks that an organization might have, and this process is not a one-time thing as these risks might change over time. Measurement and assessment are when you create a risk profile for each that was identified in the first step and the measurement can be in the form of how much capital could be lost. Mitigation is by examining the risks and determining which risks should be eliminated and which risks are acceptable. Reporting and monitoring involves reexamining the risks to make sure the mitigation strategies the organization have adopted are serving their purposes. Governance is the process of making sure the adoption of the mitigation strategies is in place and that the employees are following the policies. RMF is more targeted towards the federal government and CSF was originally developed for critical infrastructure but has been recommended for use in organizations. CSF is aimed towards the private sector more than the federal government and does not have any Authorizing Officials (AOs) or an Authority to Operate (ATO) which RMF has ATOs to determine the authorized periods required for approval by and AO. NIST recommends that the CSF be used to strengthen the RMF. I would say that I would use the RMF to first get the framework in place then start implementing the CSF. Both of the frameworks have two entirely different end goals.
Posey, B. (2021) What is risk management and why is it important? Retrieved from
https://www.techtarget.com/searchcio/definition/Risk-Management-Framework-RMF#:
~:text=The%20Risk%20Management%20Framework%20is,of%20the%20United%20States%20government
.
430 W5 DQ1 RESPONSES CONTINUATION
Please read before replying to responses. 100-150 words.
Response Requirements
Reminder, each response must be a paragraph which is seven sentences. In addition, I am reminding all students not to lose points moving forward, that the responses for participation need to follow the ABC method. Acknowledge what your classmate has said, build on the content (do not just state, I agree with how you said this, or I like how you said that), and close with a question (an open-ended question). You may send me a message in the private forum with any questions. You must have supporting in-text citations and references to support your discussions posts. Blessings with wisdom and academic growth! Cheers, Professor Ligon Blessings and prayers…
B Cody
Hello everyone,
“The Risk Management Framework is a template and guideline used by companies to identify, eliminate and minimize risks. It was originally developed by the National Institute of Standards and Technology to help protect the information systems of the United States government” (Posey, 2021). The Risk Management Framework is simply used periodically to identify and organize risks to an organization. The National Institute of Standards and Technology also created the Cybersecurity Framework. “The Framework integrates industry standards and best practices to help organizations manage their cybersecurity risks” (Swenson, 2022). These are very similar in that they both were created by NIST to help organizations identify, categorize, and to help mitigate risks but they are different in that The Risk Management Framework deals with more overarching risks regarding organizations and the Cybersecurity Framework deals only specifically with cybersecurity threats. I would recommend for an organization to use all of these frameworks since the Cybersecurity Framework would deal with cybersecurity threats and the RMF would cover strategic, legal, operational, and privacy risks.
C Jacob
Good evening Professor Ligon and class,
Risk Management Framework (RMF) is an established set of components (Identification, Measurement and Assessment, Mitigation, Reporting and Monitoring, and Governance) and steps (Prepare, Categorize, Select, Implement, Assess, Authorize, and Monitor) that help companies to identify, eliminate, and minimize risks. These guidelines were originally created by the National Institute of Standards and Technology (NIST) to help protect information systems within the U.S. “Businesses cannot exist without exposing themselves to risks such as IT problems, litigation, and loss of capital” (Posey, 2021). No risk can be totally gotten rid of, there will always be a need for risks. All we can do is mitigate them. This concept benefits businesses by minimizing the risks that are out there which in end lowers the legal spotlight and increases profits.
Cyber Security Framework (CSF) and RMF are often mixed around when IT professionals are discussing them. When RMF was originally created by NIST, its target audience was the federal government. This is still true today, although private organizations have seen the benefits of RMF and have started to incorporate the guideline into their IT plans. CSF has been created for more critical infrastructures, such as transportation or public utilities. CSF is also suitable for an “Organization of any size, degree of cybersecurity risk, or cybersecurity sophistication” (Webb, 2017). CSF has not been created to replace RMF, it is another tool that organizations have at their disposal to deal with risks associated with the IT field.
430 W5 DQ1
Briefly describe the purpose and application of the Risk Management Framework. How does this differ from the Cyber Security Framework? Which would you recommend and why?
Reply to responses.
Please read before replying to responses. 100-150 words.
Response Requirements
Reminder, each response must be a paragraph which is seven sentences. In addition, I am reminding all students not to lose points moving forward, that the responses for participation need to follow the ABC method. Acknowledge what your classmate has said, build on the content (do not just state, I agree with how you said this, or I like how you said that), and close with a question (an open-ended question). You may send me a message in the private forum with any questions. You must have supporting in-text citations and references to support your discussions posts. Blessings with wisdom and academic growth! Cheers, Professor Ligon Blessings and prayers…
A Aaron
Evening,
The Risk Management Framework (RMF) was first intended for federal agencies but soon was adopted by organization that were in the private sector. A business can’t operate with out exposing themselves to so sort of risks like IT problems, Litigation and Loss of Capitol (Posey, 2021). The RMF is made up of five components, that are Identification, Measurement and Assessment, Mitigation, Reporting and Monitoring, and Governance. The Identification stage is to identify the risks that an organization might have, and this process is not a one-time thing as these risks might change over time. Measurement and assessment are when you create a risk profile for each that was identified in the first step and the measurement can be in the form of how much capital could be lost. Mitigation is by examining the risks and determining which risks should be eliminated and which risks are acceptable. Reporting and monitoring involves reexamining the risks to make sure the mitigation strategies the organization have adopted are serving their purposes. Governance is the process of making sure the adoption of the mitigation strategies is in place and that the employees are following the policies. RMF is more targeted towards the federal government and CSF was originally developed for critical infrastructure but has been recommended for use in organizations. CSF is aimed towards the private sector more than the federal government and does not have any Authorizing Officials (AOs) or an Authority to Operate (ATO) which RMF has ATOs to determine the authorized periods required for approval by and AO. NIST recommends that the CSF be used to strengthen the RMF. I would say that I would use the RMF to first get the framework in place then start implementing the CSF. Both of the frameworks have two entirely different end goals.
Posey, B. (2021) What is risk management and why is it important? Retrieved from
https://www.techtarget.com/searchcio/definition/Risk-Management-Framework-RMF#:
~:text=The%20Risk%20Management%20Framework%20is,of%20the%20United%20States%20government
.
430 W5 DQ1 RESPONSES CONTINUATION
Please read before replying to responses. 100-150 words.
Response Requirements
Reminder, each response must be a paragraph which is seven sentences. In addition, I am reminding all students not to lose points moving forward, that the responses for participation need to follow the ABC method. Acknowledge what your classmate has said, build on the content (do not just state, I agree with how you said this, or I like how you said that), and close with a question (an open-ended question). You may send me a message in the private forum with any questions. You must have supporting in-text citations and references to support your discussions posts. Blessings with wisdom and academic growth! Cheers, Professor Ligon Blessings and prayers…
B Cody
Hello everyone,
“The Risk Management Framework is a template and guideline used by companies to identify, eliminate and minimize risks. It was originally developed by the National Institute of Standards and Technology to help protect the information systems of the United States government” (Posey, 2021). The Risk Management Framework is simply used periodically to identify and organize risks to an organization. The National Institute of Standards and Technology also created the Cybersecurity Framework. “The Framework integrates industry standards and best practices to help organizations manage their cybersecurity risks” (Swenson, 2022). These are very similar in that they both were created by NIST to help organizations identify, categorize, and to help mitigate risks but they are different in that The Risk Management Framework deals with more overarching risks regarding organizations and the Cybersecurity Framework deals only specifically with cybersecurity threats. I would recommend for an organization to use all of these frameworks since the Cybersecurity Framework would deal with cybersecurity threats and the RMF would cover strategic, legal, operational, and privacy risks.
C Jacob
Good evening Professor Ligon and class,
Risk Management Framework (RMF) is an established set of components (Identification, Measurement and Assessment, Mitigation, Reporting and Monitoring, and Governance) and steps (Prepare, Categorize, Select, Implement, Assess, Authorize, and Monitor) that help companies to identify, eliminate, and minimize risks. These guidelines were originally created by the National Institute of Standards and Technology (NIST) to help protect information systems within the U.S. “Businesses cannot exist without exposing themselves to risks such as IT problems, litigation, and loss of capital” (Posey, 2021). No risk can be totally gotten rid of, there will always be a need for risks. All we can do is mitigate them. This concept benefits businesses by minimizing the risks that are out there which in end lowers the legal spotlight and increases profits.
Cyber Security Framework (CSF) and RMF are often mixed around when IT professionals are discussing them. When RMF was originally created by NIST, its target audience was the federal government. This is still true today, although private organizations have seen the benefits of RMF and have started to incorporate the guideline into their IT plans. CSF has been created for more critical infrastructures, such as transportation or public utilities. CSF is also suitable for an “Organization of any size, degree of cybersecurity risk, or cybersecurity sophistication” (Webb, 2017). CSF has not been created to replace RMF, it is another tool that organizations have at their disposal to deal with risks associated with the IT field.
430 W5 DQ1
Briefly describe the purpose and application of the Risk Management Framework. How does this differ from the Cyber Security Framework? Which would you recommend and why?
Reply to responses.
Please read before replying to responses. 100-150 words.
Response Requirements
Reminder, each response must be a paragraph which is seven sentences. In addition, I am reminding all students not to lose points moving forward, that the responses for participation need to follow the ABC method. Acknowledge what your classmate has said, build on the content (do not just state, I agree with how you said this, or I like how you said that), and close with a question (an open-ended question). You may send me a message in the private forum with any questions. You must have supporting in-text citations and references to support your discussions posts. Blessings with wisdom and academic growth! Cheers, Professor Ligon Blessings and prayers…
A Aaron
Evening,
The Risk Management Framework (RMF) was first intended for federal agencies but soon was adopted by organization that were in the private sector. A business can’t operate with out exposing themselves to so sort of risks like IT problems, Litigation and Loss of Capitol (Posey, 2021). The RMF is made up of five components, that are Identification, Measurement and Assessment, Mitigation, Reporting and Monitoring, and Governance. The Identification stage is to identify the risks that an organization might have, and this process is not a one-time thing as these risks might change over time. Measurement and assessment are when you create a risk profile for each that was identified in the first step and the measurement can be in the form of how much capital could be lost. Mitigation is by examining the risks and determining which risks should be eliminated and which risks are acceptable. Reporting and monitoring involves reexamining the risks to make sure the mitigation strategies the organization have adopted are serving their purposes. Governance is the process of making sure the adoption of the mitigation strategies is in place and that the employees are following the policies. RMF is more targeted towards the federal government and CSF was originally developed for critical infrastructure but has been recommended for use in organizations. CSF is aimed towards the private sector more than the federal government and does not have any Authorizing Officials (AOs) or an Authority to Operate (ATO) which RMF has ATOs to determine the authorized periods required for approval by and AO. NIST recommends that the CSF be used to strengthen the RMF. I would say that I would use the RMF to first get the framework in place then start implementing the CSF. Both of the frameworks have two entirely different end goals.
Posey, B. (2021) What is risk management and why is it important? Retrieved from
https://www.techtarget.com/searchcio/definition/Risk-Management-Framework-RMF#:
~:text=The%20Risk%20Management%20Framework%20is,of%20the%20United%20States%20government
.
430 W5 DQ1 RESPONSES CONTINUATION
Please read before replying to responses. 100-150 words.
Response Requirements
Reminder, each response must be a paragraph which is seven sentences. In addition, I am reminding all students not to lose points moving forward, that the responses for participation need to follow the ABC method. Acknowledge what your classmate has said, build on the content (do not just state, I agree with how you said this, or I like how you said that), and close with a question (an open-ended question). You may send me a message in the private forum with any questions. You must have supporting in-text citations and references to support your discussions posts. Blessings with wisdom and academic growth! Cheers, Professor Ligon Blessings and prayers…
B Cody
Hello everyone,
“The Risk Management Framework is a template and guideline used by companies to identify, eliminate and minimize risks. It was originally developed by the National Institute of Standards and Technology to help protect the information systems of the United States government” (Posey, 2021). The Risk Management Framework is simply used periodically to identify and organize risks to an organization. The National Institute of Standards and Technology also created the Cybersecurity Framework. “The Framework integrates industry standards and best practices to help organizations manage their cybersecurity risks” (Swenson, 2022). These are very similar in that they both were created by NIST to help organizations identify, categorize, and to help mitigate risks but they are different in that The Risk Management Framework deals with more overarching risks regarding organizations and the Cybersecurity Framework deals only specifically with cybersecurity threats. I would recommend for an organization to use all of these frameworks since the Cybersecurity Framework would deal with cybersecurity threats and the RMF would cover strategic, legal, operational, and privacy risks.
C Jacob
Good evening Professor Ligon and class,
Risk Management Framework (RMF) is an established set of components (Identification, Measurement and Assessment, Mitigation, Reporting and Monitoring, and Governance) and steps (Prepare, Categorize, Select, Implement, Assess, Authorize, and Monitor) that help companies to identify, eliminate, and minimize risks. These guidelines were originally created by the National Institute of Standards and Technology (NIST) to help protect information systems within the U.S. “Businesses cannot exist without exposing themselves to risks such as IT problems, litigation, and loss of capital” (Posey, 2021). No risk can be totally gotten rid of, there will always be a need for risks. All we can do is mitigate them. This concept benefits businesses by minimizing the risks that are out there which in end lowers the legal spotlight and increases profits.
Cyber Security Framework (CSF) and RMF are often mixed around when IT professionals are discussing them. When RMF was originally created by NIST, its target audience was the federal government. This is still true today, although private organizations have seen the benefits of RMF and have started to incorporate the guideline into their IT plans. CSF has been created for more critical infrastructures, such as transportation or public utilities. CSF is also suitable for an “Organization of any size, degree of cybersecurity risk, or cybersecurity sophistication” (Webb, 2017). CSF has not been created to replace RMF, it is another tool that organizations have at their disposal to deal with risks associated with the IT field.
