In Ch. 1, \"Introduction to Information Security,\" of Elementary Information Se
ID: 389757 • Letter: I
Question
In Ch. 1, "Introduction to Information Security," of Elementary Information Security, you read about National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) and how it expands on the CIA concepts.
Assume that a security model is needed for the protection of information in your class.
In a 1/2- to 1-page paper, describe the RMF and how it relates to the CIA concepts and expands on them. Explain how this framework is used to address the need to protect information in your class.
Explanation / Answer
Risk Management Framework (RMF) ; It is described as structured system designed by the Organisation, that include the process of recognising the potential risks in the market and also explains the strategy for reducing the effect of these risks.It provides the system to scan or record and analyse this strategy.It is based on the common information security framework.
The main goals of RMF are given below:
RMF relates to the CIA: CIA concept (Confidentiality, Integrity and Availability) provide the framework that helps the RMF to strengthen the system;It helps to recognise and prioritize the risks on the basis of the effects of these risks.
With CIA concept organisation can decide which risk should focus on priority wise.So, on the basis of CIS organisation can decide about the significance of the different risks.To conduct this process users has to take some steps such as :
How this framework is used to address the need to protect information in my class: