Risk Analysis/Management

Risk Management Framework

The RMF is a standardized process to ensure relevant assets are being protected, monitored, and changes to how these steps are happening are performed in a timely and organized manner.

NIST RMF

Prepare - Establish context and priorities
Categorize - ... the relevant information system(s), and information processed
Select - ... the initial set of baseline controls for the information system(s)
Implement - ... the controls identified in the previous setp
Asses - A third party asses the controls and verifies that they are properly applied to the system(s)
Authorize - The system(s) is granted or denied an Authorization to Operate (ATO)
Monitor - ... the system(s) continously to ensure compliance

Risk Analysis Strategies/Types

Qualitative - more situation and scenario based, rather than simply math
Quantitative - assign dollar figures to assets

Risk Analysis/Management

Risk Management Framework​

NIST RMF​

Risk Analysis Strategies/Types​

Risk Management Framework

NIST RMF

Risk Analysis Strategies/Types