Mastering NIST Risk Management Framework (RMF)

Stefan Toshkov Zhelyazkov

9:27:31

  • 1. Introduction to Organizational Security Risk Management.mp4
    21:39
  • 2. Strategic Governance and Risk Management.mp4
    16:45
  • 3. Risk Types and Risk Handling Strategies.mp4
    14:32
  • 4. Overview of the Risk Management Process.mp4
    03:45
  • 5. Identifying and Categorizing the Risk Environment.mp4
    06:25
  • 6. Risk Assessment.mp4
    07:01
  • 7. Designing for Effective Risk Management.mp4
    09:17
  • 8. Evaluating Candidates for Control.mp4
    05:17
  • 9. Implementing Risk Management Controls.mp4
    10:11
  • 10. Assessment and Effectiveness of Risk Controls.mp4
    04:43
  • 11. Sustainment.mp4
    04:54
  • 12. Evaluation of the Risk Management Function.mp4
    05:01
  • 1. Survey of Existing Risk Management Frameworks.mp4
    05:20
  • 2. Making Risk Management Tangible.mp4
    03:20
  • 3. Formal Architectures.mp4
    04:04
  • 4. General Shape of the RMF Process.mp4
    04:57
  • 5. RMF Implementation.mp4
    10:42
  • 6. International Organization Standards.mp4
    12:54
  • 7. ISO 31000 Implementation Process.mp4
    06:09
  • 8. COSO Enterprise Risk Management Framework.mp4
    15:58
  • 9. Health Information Trust Alliance Common Security Framework.mp4
    03:39
  • 10. NIST SP 800-30 and NIST SP 800-39 Standards.mp4
    12:19
  • 1. Step 1 - Categorize Information and Information Systems.mp4
    05:15
  • 2. Security Impact Analysis.mp4
    08:54
  • 3. FIPS 199, Standards for Security Categorization of Federal Information + Systems.mp4
    03:56
  • 4. FIPS 199, Standards for Security Categorization of Information Types.mp4
    05:31
  • 5. CNSSI No. 1253, Security Categorization and Control Selection for NSS.mp4
    03:38
  • 6. Implementation of Step 1 Security Categorization.mp4
    05:17
  • 7. Security Categorization from the Organizational Perspective.mp4
    02:30
  • 8. Establish Relationships with Organizational Entities.mp4
    05:45
  • 9. Prepare an Organization-Wide Guidance Program.mp4
    03:59
  • 10. Security Categorization from Management Perspective.mp4
    05:15
  • 11. Preparing for System Security Categorization.mp4
    11:46
  • 12. System Security Categorization Step 2, Step 3 and Step 4.mp4
    11:05
  • 13. Obtain Approval for the System Security Category and Impact Level.mp4
    05:23
  • 1. Step 2 - Select Security Controls.mp4
    04:47
  • 2. Understanding Control Selections.mp4
    11:58
  • 3. Federal Information Processing Standards.mp4
    07:04
  • 4. Implementation of Step 2 - Select Security Controls.mp4
    07:39
  • 5. Select Initial Security Control Baselines and Minimum Assurance Requirements.mp4
    05:44
  • 6. Apply Scoping Guidance to Initial Baselines.mp4
    11:40
  • 7. Determine Need for Compensating Controls.mp4
    04:38
  • 8. Supplement Security Controls.mp4
    09:00
  • 9. Complete Security Plan.mp4
    08:10
  • 10. Other Control Libraries.mp4
    06:18
  • 1. Step 3 - Implementing Security Controls.mp4
    02:45
  • 2. Implementation of the Security Controls Specified by the Security Plan.mp4
    16:52
  • 3. A System Perspective to Implementation.mp4
    11:19
  • 4. A Management Perspective to Implementation.mp4
    06:45
  • 5. Establishing Effective Security Implementation Through Infrastructure Management.mp4
    05:12
  • 6. Security Implementation Projects and Organization Portfolios.mp4
    09:11
  • 7. Document the Security Control Implementation in the Security Plan.mp4
    03:25
  • 1. Step 4 - Assess Security Controls.mp4
    05:15
  • 2. Components of Security Control Assessment.mp4
    05:20
  • 3. Control Assessment and the SDLC.mp4
    04:44
  • 4. Ensuring Adequate Control Implementation.mp4
    04:43
  • 5. Assessment Plan Development, Review and Approval.mp4
    05:24
  • 6. Security Control Assessment Procedures and Methodologies.mp4
    08:03
  • 7. Prepare the Security Assessment Report.mp4
    03:39
  • 8. Initial Remedy Actions of Assessments Findings.mp4
    05:31
  • 1. Step 5 - Authorize Preparing the Information System for Use.mp4
    03:49
  • 2. Elements of Risk Management.mp4
    05:52
  • 3. Certification and Accreditation.mp4
    04:50
  • 4. Application of the RMF.mp4
    06:26
  • 5. Security AuthorizationsApprovals to Operate.mp4
    03:07
  • 6. Certification of the Correctness of Security Controls.mp4
    05:52
  • 7. Particular Role of Requirements.mp4
    04:51
  • 8. Preparing the Action Plan.mp4
    04:22
  • 9. Preparing the Security Authorization Package.mp4
    11:26
  • 1. Step 6 - Monitor Security State.mp4
    04:07
  • 2. Sustaining Effective Risk Monitoring.mp4
    05:17
  • 3. Structuring the Risk-Monitoring Process.mp4
    04:08
  • 4. Sustaining an Ongoing Control-Monitoring Process.mp4
    05:39
  • 5. Establishing a Continuous Control Assessment Process.mp4
    05:43
  • 6. Conducting Continuous Monitoring.mp4
    06:58
  • 7. Quantitative Measurement Considerations.mp4
    05:16
  • 8. Keeping the Control Set Correct over Time.mp4
    06:54
  • 1. Practical Applications of the NIST Risk Management Framework.mp4
    04:40
  • 2. Certification and Accreditation in the Federal Space.mp4
    04:07
  • 3. The E-Government Act.mp4
    03:33
  • 4. Implementing Information Security Controls and Evaluating the Control Set.mp4
    18:22
    Description


    Navigating Federal Standards, Control Implementation, and Continuous Monitoring

    What You'll Learn?


    • Familiarize Yourself with the Risk Management Framework Guide for Federal Information Systems
    • Gain Proficiency in the Security and Privacy Control Guide for Federal Information Systems and Organizations
    • In-Depth Study of NIST Standards - SP 800-37, SP 800-53, and SP 800-53A
    • Analyzing Security Impacts
    • Decode FIPS 199 and FIPS 200 Standards
    • Navigate the 4-Step Security Categorization Process
    • Craft a Sound Security Controls Baseline Selection Strategy
    • Expertly Document the Security Control Implementation within the Security Plan
    • Prepare a Thorough Security Assessment Report
    • Undertake Certification and Accreditation
    • Real-World Applications of the NIST Risk Management Framework
    • Implementation of Information Security Controls and Rigorous Evaluation of the Control Set

    Who is this for?


  • Anyone Interested in Information Security
  • Information Security Professionals
  • IT Managers and System Administrators
  • Compliance and Regulatory Experts
    What You Need to Know?


  • Basic Computer Skills
  • Internet Access
  • Foundational Knowledge


    Description

    Are you ready to become a certified expert in risk management and security control? Dive deep into the intricacies of the NIST Risk Management Framework (RMF) with our comprehensive online course. From understanding federal standards to hands-on control implementation and continuous monitoring, this course equips you with the knowledge and skills needed to excel in the field of information security and boost your understanding of best practices.


    In the first phase, we lay the foundation for security and privacy management within an organization. We equip you with essential tools to prepare your organization for the comprehensive journey ahead.


    Diving into Organizational Security Risk Management: This section delves into organizational risk management by shedding light on the various risks that senior leadership must discern. It underscores the importance and advantages of risk management and highlights the relevant information security regulations that leaders must take into account in their risk management endeavours.


    Exploring Existing Risk Management Frameworks: In the third segment, we embark on an exploration of diverse models that can be harnessed to implement the NIST RMF. The objective here is to offer a comparative evaluation of these models and showcase the unique qualities that set the NIST framework apart from its counterparts.


    Classifying Information and Information Systems: This phase commences with a detailed explanation of security impact analysis. It also explores CNSSI 1253 Security Categorization and Control Selection for National Security Systems, as well as FIPS 199 Standards for Security Categorization of Federal Information and Information Systems. These resources are examined, compared, and contrasted to serve as guidance for organizations in the information system categorization process. The primary focus here revolves around comprehending the tables provided in NIST SP 800-60, Guide for Mapping Types of Information and Information Systems, security categories, and the utilization of FIPS 199 for implementing the security categorization process within the NIST RMF.


    Handpicking Security Measures: This portion opens with an introduction to FIPS 200, Minimum Security Requirements for Federal Information and Information Systems, which plays a pivotal role in defining security boundaries and establishing minimum security prerequisites. It also delves into the contents of the security plan and the continuous monitoring strategy, both of which are integral outcomes of the control selection process.


    Executing Security Measures: The sixth section kicks off with an examination of the system development life cycle (SDLC) and elucidates the timing of activities associated with security control implementation. It emphasizes the significance of the standards development and acquisition processes in crafting an organizational information security architecture that seamlessly integrates with the enterprise architecture.


    Scrutinizing Security Measures: Here, we initiate our discussion by employing NIST SP 800-30, Guide for Conducting Risk Assessments, as a guide to comprehending the security risk assessment process. It's important to grasp that security risk assessment and security control assessment are distinct yet interrelated processes. This segment chiefly concentrates on how to use NIST SP 800-53A, Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans, which encompasses the development of a security control assessment plan. This section underscores how, through a well-structured security control assessment based on an established plan, organizations can identify and address potential security risks.


    Authorizing Information Systems: The initial component of this section offers an exhaustive exploration of the creation and distribution of the security authorization package. This package includes critical components such as the security plan, security assessment report, and the plan of action and milestones. We initiate our discussion with an examination of the criteria that these components must meet, along with the formulation of a plan of action and milestones. This section illustrates that the plan acts as a roadmap for rectifying security vulnerabilities or shortcomings identified during the security control assessment.


    Maintaining Security Vigilance: In this segment, we place a strong emphasis on the strategies associated with continuous security control assessments, plans for addressing remediation, procedures for updating documentation and plans, implementation of security status reporting mechanisms, strategies for ongoing risk assessment and acceptance, and secure practices for information system decommissioning.


    The final section offers a wealth of real-world insights through practical case studies, presenting model scenarios for implementing the RMF in diverse organizational contexts. These case studies provide a concrete understanding of the practicalities and challenges of enterprise risk management, offering valuable strategies for RMF implementation across different settings.


    Stefan Toshkov Zhelyazkov
    Hello, I'm an experienced AI engineer and natural language processing enthusiast with a passion for building intelligent chatbot applications. I hold a Master's degree in Computer Science and have spent over a decade in the field of artificial intelligence, specializing in language modeling and chatbot development. My teaching style is all about making complex AI concepts accessible and practical for learners of all levels. I believe in providing clear explanations, real-world examples, and hands-on projects that reinforce the concepts learned. You'll find a supportive and engaging learning environment in my courses, where questions are encouraged, and curiosity is nurtured.
    Students take courses primarily to improve job-related skills. Some courses generate credit toward technical certification. Udemy has made a special effort to attract corporate trainers seeking to create coursework for employees of their company.
    • Language: English
    • Training sessions: 81
    • Duration: 9:27:31
    • Release date: 2023/11/21
