RMF Risk Management Framework NIST Approach (RISK-101-NIST)

This is a closed class. It requires a contract. On-site for 22 people.

Days: 5 Days. Labs: Yes – Local Cyber Range

Type of Course: Advanced Security / Managerial

Prerequisites: None

About this course: Maps to the NICE Information Assurance Compliance and Securely Provision specialty areas, which are concerned with conceptualizing, designing, and building secure IT systems and carry responsibility for some aspect of those systems’ development. Risk Management using NIST special publications focuses on overseeing, evaluating, and supporting the documentation, validation, and accreditation processes necessary to assure that new IT systems meet the organization’s information assurance and security requirements. The course provides a broad introduction to organizational information systems security risk management concepts and information assurance best practices, approached from the perspective of aligning organizational mission and risk management postures with key information technology cybersecurity processes and best-practice information security cyber defense techniques.

Goals: Appropriate treatment of risk, compliance, and assurance from internal and external perspectives. You will specifically learn how to integrate the following NIST documents into your risk management process: SP800-37 R2, SP800-39, SP800-30, and SP800-160.

Topics: Security architecture concepts, system and information classification management, system diagnostic tools, technology supply chain risk management, cryptography requirements, and system testing, evaluation and remediation processes. Activities are framed under the NIST Risk Management Framework, a comprehensive six-step systems development and cybersecurity risk management process that runs from system inception to a fully operational, continuously monitored and remediated systems environment.

Methods of instruction: There are 8 different possible exercises that can be used in a module. Examples include threats and controls, case studies, risk analysis practice, and reading review. Technical labs require basic skills in operating systems and virtualization. As soon as students become too comfortable, the instructor will switch methods.

Students are expected to have basic experience in the areas of networking and DoD Cybersecurity, as well as knowledge of related Cybersecurity policies and procedures. The course supports DISA responsibilities under the DoD Cybersecurity Discipline Implementation Plan, DoDI 8551.01, the STIGs, and NIST SP800-53. The course covers topics in NICCS / NICE and ARTEP.