Preparing to Manage Security and Privacy Risk with NIST's Risk Management Framework

Focused View

Bobby Rogers

3:10:00

48 View

01 - Course Overview

01 - Course Overview.mp4

01:34

02 - Reviewing the RMF

02 - Reviewing the RMF.mp4

06:30

03 - RMF Publications.mp4

03:50

04 - Assessing Risk.mp4

06:25

05 - Managing Risk.mp4

02:36

06 - Summary.mp4

00:34

03 - Initiating Organizational Preparation

07 - Developing the Organizational Risk Culture.mp4

05:03

08 - Risk Strategy.mp4

03:37

09 - Risk Methodology.mp4

01:50

10 - Risk Policy and Procedures.mp4

05:26

11 - Appointing Key Risk Personnel.mp4

05:49

12 - RMF Organizational Preparation Tasks.mp4

03:30

13 - Summary.mp4

01:06

04 - Identifying System Stakeholders and Assets

14 - Identifying System Stakeholders and Assets.mp4

03:38

15 - Understanding Stakeholder Needs.mp4

01:41

16 - Senior Management.mp4

03:40

17 - Mission and Business Process Owners.mp4

02:03

18 - System and Information Owners.mp4

01:43

19 - Systems Personnel.mp4

03:57

20 - Risk Practitioners.mp4

05:04

21 - Identifying Stakeholder Assets.mp4

05:33

22 - Summary.mp4

01:26

05 - Preparing the System

23 - Preparing the System.mp4

05:50

24 - Preparation Workflow.mp4

04:15

25 - Mission, Business Function, and Processes.mp4

00:55

26 - System Architecture and Authorization Boundary.mp4

01:30

27 - System Registration.mp4

01:49

28 - Summary.mp4

00:56

06 - Categorizing the System

29 - Reviewing Categorization.mp4

04:53

30 - RMF Categorization Tasks.mp4

01:47

31 - How to Categorize a System.mp4

03:44

32 - Determine Protection Needs.mp4

02:09

33 - Summary.mp4

01:03

07 - Preparing for a System Risk Assessment

34 - Overall Preparation.mp4

05:52

35 - Documentation Preparation.mp4

03:29

36 - Control Preparation.mp4

03:42

37 - System Preparation.mp4

04:24

38 - Test Plans.mp4

02:26

39 - Summary.mp4

01:16

08 - Performing a System Risk Assessment

40 - Assessment Methods.mp4

04:15

41 - Assessment Guidance.mp4

03:08

42 - RMF Assessment Tasks.mp4

03:39

43 - Performing the Assessment.mp4

06:14

44 - Assessment Reporting.mp4

03:23

45 - Summary.mp4

01:04

09 - Case Study - Globomantics Risk Assessment

46 - Case Study - Globomantics Company Profile.mp4

04:18

47 - Organizational Preparation.mp4

06:01

48 - Identifying System Stakeholders and Assets.mp4

03:22

49 - System Preparation.mp4

03:17

50 - System Categorization.mp4

05:58

51 - Preparing for a System Risk Assessment.mp4

04:11

52 - Performing a System Risk Assessment.mp4

08:37

53 - System Authorization.mp4

02:15

54 - Continuous Monitoring.mp4

02:41

55 - Summary.mp4

01:02

Description

Risk management is a critical element of security and compliance in today's IT infrastructures. This course will demonstrate the advanced skills you need to effectively manage cyber risk, security, and compliance with governance using the RMF.

What You'll Learn?

Risk is a necessary evil in today’s modern government, corporate, and private networks. Managing this risk is a careful balancing act between art and science, and focuses on three interrelated, critical aspects of systems: risk, system and data security, and compliance with governance. Organizations must have a proven methodology of managing cyber risk, security, and compliance. In this course, Preparing to Manage Security and Privacy Risk with NIST's Risk Management Framework, you will continue your studies on the RMF beyond the fundamentals of the processes and procedures that make up the framework. You will gain the advanced knowledge necessary to apply the methods and techniques presented in the RMF to manage cyber risk in the “real world”. First, you will learn how to categorize systems based on the information they process and their criticality to the organization. You'll also learn how to manage risk stakeholder needs, and ensure that both the organization and the target systems are prepared to undergo the RMF lifecycle. Next, you will see how controls are baselined and implemented on systems, and how to realistically assess those controls. Finally, you will discover system accreditation decisions and how to make sure your system gets its Authorization to Operate, as well as conduct continuous risk monitoring. By the end of this course, you'll be thoroughly knowledgeable on what it takes to actually manage a system throughout its RMF lifecycle.

More details

User Reviews

Rating

average 0

Total votes0

Focused display

Risk Management

Bobby Rogers

Instructor's Courses

Bobby E. Rogers is an information security engineer working as a contractor for Department of Defense agencies, helping to secure, certify, and accredit their information systems. His duties include information system security engineering, risk management, and certification and accreditation efforts. He retired after 21 years in the U.S. Air Force, serving as a network security engineer and instructor, and has secured networks all over the world. Bobby has a master’s degree in information assurance and is pursuing a doctoral degree in cybersecurity from Capitol Technology University in Maryland. His many certifications include CISSP-ISSEP, CEH, and MCSE: Security, as well as the CompTIA A+, Network+, Security+, and Mobility+ certifications.

Pluralsight

View courses Pluralsight

Pluralsight, LLC is an American privately held online education company that offers a variety of video training courses for software developers, IT administrators, and creative professionals through its website. Founded in 2004 by Aaron Skonnard, Keith Brown, Fritz Onion, and Bill Williams, the company has its headquarters in Farmington, Utah. As of July 2018, it uses more than 1,400 subject-matter experts as authors, and offers more than 7,000 courses in its catalog. Since first moving its courses online in 2007, the company has expanded, developing a full enterprise platform, and adding skills assessment modules.