Scribd Logo
Unggah

Selamat datang di Scribd!

  • Cyb110 Week 1

    Diunggah oleh

    Paul Nelson
    17 tayangan5 halaman
    Risk Management

    Hak Cipta

    © © All Rights Reserved

    Format Tersedia

    DOCX, PDF, TXT atau baca online dari Scribd

    Apakah menurut Anda dokumen ini bermanfaat?

    Apakah konten ini tidak pantas?

    Laporkan Dokumen Ini
    Risk Management

    Hak Cipta:

    © All Rights Reserved
    Unduh sebagai DOCX, PDF, TXT atau baca online dari Scribd
    Tandai sebagai konten tidak pantas
    17 tayangan5 halaman

    Cyb110 Week 1

    Diunggah oleh

    Paul Nelson
    Risk Management

    Hak Cipta:

    © All Rights Reserved
    Unduh sebagai DOCX, PDF, TXT atau baca online dari Scribd
    Tandai sebagai konten tidak pantas
    dari 5

    Running head: RISK MANAGEMENT FRAMEWORK 1

    Risk Management Framework\CIA

    Paul Nelson

    CYB/110

    DENIS BROOKER

    05/06/2019
    RISK MANAGEMENT FRAMEWORK 2

    The Risk Management Framework (RMF) is a set of criteria that dictate how

    United States government IT systems must be architected, secured, and monitored.

    Originally developed by the Department of Defense (DoD), the RMF was adopted by the

    rest of the US federal information systems in 2010. (Petters, 2018) The Risk Management

    Framework provides a process that integrates security and risk management activities

    into the system development life cycle. The risk-based approach to security control

    selection and specification considers effectiveness, efficiency, and constraints due to

    applicable laws, directives, Executive Orders, policies, standards, or regulations. The

    selection and specification of security controls for a system is accomplished as part of an

    organization-wide information security program that involves the management of

    organizational risk---that is, the risk to the organization or to individuals associated with

    the operation of a system.

    The management of organizational risk is a key element in the organization's

    information security program and provides an effective framework for selecting the

    appropriate security controls for a system---the security controls necessary to protect

    individuals and the operations and assets of the organization. There’s several companies

    that will help you with protecting your data. Instead of using the term used by the CIA

    triad, they use words like Identify which seems a lot like Confidentiality, your sensitive

    and at risk data and systems (including users, permissions, folders, etc.); Protect, seems a

    lot like Integrity, that data, manage access, and minimize the risk surface; While

    Monitor seems a whole lot like Availability, to detect what’s happening on that data,

    who’s accessing it, and identify when there is suspicious behavior or unusual file activity.
    RISK MANAGEMENT FRAMEWORK 3

    Sensitive business data is more vulnerable today than ever before. Corporate trade

    secrets, national security information, personal medical records, Social Security and

    credit card numbers are all stored, used, and transmitted online and through connected

    devices. (Janacek, 2015). The threat is real, laptops are being stolen or lost giving access

    to important data. That is a true statement if policies is not put into place to safeguard

    these valuable assets. There are many ways to protect your data. Encrypting your hard

    drive is a sure way to protect your data. Password protect your laptop from incidental

    tampering. After reading the above article, I never thought about placing files in different

    locations. That can be a learning tool. This will make things harder, for the would be

    hacker, gaining access to your files example, My Documents folder.

    EndPoint Protection is a good tool to protect sensitive files. This toll prevents files

    from being accessed without proper controls and can be controlled remotely. Do not

    forget your USB (Flash Drives), most forget to encrypt these as well. The flash drives can

    be lost easily or even left in other computers as well as printers. When you work on

    sensitive documents that you transferred to your flash drive and lets’ say you take the

    flash drive to a friends’ house, even better, the library to do some touch up. You forget the

    flash drive in a library computer. Maybe an hour later, you remember, you go back to the

    library, but the flash drive is nowhere to be found. You have just committed a data breach.

    Threat to Data-at-Rest Confidentiality Suggestion on Countering


    Integrity
    the Threat
    Availability
    The threat that attackers are able to Confidentiality Data Encryption
    RISK MANAGEMENT FRAMEWORK 4

    compromise a cloud service and gain access


    to their data that is processed by and/or
    stored in the Cloud.
    The “insider threat” where a malicious or Availability Data Encryption
    rogue administrator steals a physical disk
    drive or server that contains data the
    customer has in the cloud service
    The threat that a government uses a Availability Data Encryption
    subpoena or warrant to get access to the
    customer’s data in the cloud without their
    knowledge
    (Rains, 2015)
    RISK MANAGEMENT FRAMEWORK 5

    References

    Petters, J. (2018). What is the Risk Management Framework (RMF)? Retrieved from

    https://www.varonis.com/blog/risk-management-framework/

    Rains, T. (December 1, 2015). Cloud security controls series: Encrypting Data at Rest. Retrieved

    from https://www.microsoft.com/security/blog/2015/09/10/cloud-security-controls-series-

    encrypting-data-at-rest/

    Anda mungkin juga menyukai