Management Of Information Security, Loose-leaf Version
5th Edition
ISBN: 9781337685696
Author: Michael E. Whitman, Herbert J. Mattord
Publisher: Cengage Learning
Question
Chapter 9, Problem 20RQ
Program Plan Intro
Risk Management Framework (RMF):
- The Risk Management Framework is a set of standards, developed by NIST, used for securing information systems.
- It is US federal government policy.
- NIST includes two publications that describe the RMF:
  - Guide for Applying the Risk Management Framework to Federal Information Systems.
  - Security and Privacy Controls for Federal Information Systems and Organizations.
- It includes six different phases, namely categorize, select, implement, assess, authorize and monitor.
Explanation of Solution
Justification:
The formal methodology is more efficient than the previous approach for certification ...