Paul Nelson
CYB/110
DENIS BROOKER
05/06/2019
RISK MANAGEMENT FRAMEWORK 2
The Risk Management Framework (RMF) is a set of criteria that dictate how
Originally developed by the Department of Defense (DoD), the RMF was adopted by the
rest of the US federal information systems in 2010. (Petters, 2018) The Risk Management
Framework provides a process that integrates security and risk management activities
into the system development life cycle. The risk-based approach to security control
organizational risk---that is, the risk to the organization or to individuals associated with
information security program and provides an effective framework for selecting the
individuals and the operations and assets of the organization. There’s several companies
that will help you with protecting your data. Instead of using the term used by the CIA
triad, they use words like Identify which seems a lot like Confidentiality, your sensitive
and at risk data and systems (including users, permissions, folders, etc.); Protect, seems a
lot like Integrity, that data, manage access, and minimize the risk surface; While
Monitor seems a whole lot like Availability, to detect what’s happening on that data,
who’s accessing it, and identify when there is suspicious behavior or unusual file activity.
RISK MANAGEMENT FRAMEWORK 3
Sensitive business data is more vulnerable today than ever before. Corporate trade
secrets, national security information, personal medical records, Social Security and
credit card numbers are all stored, used, and transmitted online and through connected
devices. (Janacek, 2015). The threat is real, laptops are being stolen or lost giving access
to important data. That is a true statement if policies is not put into place to safeguard
these valuable assets. There are many ways to protect your data. Encrypting your hard
drive is a sure way to protect your data. Password protect your laptop from incidental
tampering. After reading the above article, I never thought about placing files in different
locations. That can be a learning tool. This will make things harder, for the would be
EndPoint Protection is a good tool to protect sensitive files. This toll prevents files
from being accessed without proper controls and can be controlled remotely. Do not
forget your USB (Flash Drives), most forget to encrypt these as well. The flash drives can
be lost easily or even left in other computers as well as printers. When you work on
sensitive documents that you transferred to your flash drive and lets’ say you take the
flash drive to a friends’ house, even better, the library to do some touch up. You forget the
flash drive in a library computer. Maybe an hour later, you remember, you go back to the
library, but the flash drive is nowhere to be found. You have just committed a data breach.
References
Petters, J. (2018). What is the Risk Management Framework (RMF)? Retrieved from
https://www.varonis.com/blog/risk-management-framework/
Rains, T. (December 1, 2015). Cloud security controls series: Encrypting Data at Rest. Retrieved
from https://www.microsoft.com/security/blog/2015/09/10/cloud-security-controls-series-
encrypting-data-at-rest/