Documente Academic
Documente Profesional
Documente Cultură
Course Syllabus
Executive RMF
Instructor Name: Nikki Robinson Instructor Website:
Instructor Contact: www.linkedin.com/in/dr-nikki-robinson/ Course Creation Date:
11/01/2019
Course Description and Goals
Course Description:
This course will discuss the NIST Risk Management Framework (RMF) from an executive
perspective. RMF was designed to address the management of organizational risk within the
operation of a system (or network). While managing risk, this framework can also help an
organization to select appropriate security controls, to balance security and functionality for a
safe and seamless end-user experience. The framework is made up of six steps, system
categorization, selection of controls, implementation, assessment, authorization, and
monitoring those controls. But the key to each of these steps is the preparation put into each
component, which determines the success of the framework. One of the main problems which
can occur when trying to implement a security program, are the issues between the
Information Technology (IT) and Security teams. Each team has different objectives but must
meet in the middle to accommodate user needs, as well as the needs of the business.
Each module will not only address each step in the RMF process, but how this process can be
implemented into your organization or business. RMF does not have to just be for federal
organizations, it can be integrated into any information security program, to ensure effective
and efficient security practices. Each step will be described in detail, including mention of
supplemental documentation, who will be involved at each stage, and how to integrate each
Brought to you by: Develop your team with the fastest growing catalog in the
cybersecurity industry. Enterprise-grade workforce development
management, advanced training features and detailed skill gap and
competency analytics.
1
component into a security program. The RMF steps are meant to help streamline the
Authorization to Operation, or ATO, process. When implemented correctly, security processes
will be aligned to meet functionality and security with the IT and Security teams.
Prerequisites: Individuals who wish to take this course should be team leads in the IT or
Security sectors, senior management, or executive management looking to implement, or
improve, RMF use in their organizations. Users should already have a basic understanding of
the NIST Risk Management Framework before taking this course. Users should also be familiar
with the accompanying NIST Special Publication guides, as outlined in the supplemental
material section.
Brought to you by: Develop your team with the fastest growing catalog in the
cybersecurity industry. Enterprise-grade workforce development
management, advanced training features and detailed skill gap and
competency analytics.
2
Course Outline
Module 1 | NIST RMF – The Basics
Lesson 1.0: Introduction
Lesson 1.1: RMF Overview
Lesson 1.2: Creating a Top-Down RMF Approach
Lesson 1.3: New Step - Preparation
Module 2 | Categorize, Select and Implement
Lesson 2.0: Categorize the System (Including HVA’s)
Lesson 2.1: Selecting Proper Controls
Lesson 2.2: Implementing Controls
Module 3 | Asses, Authorize, and Monitor
Lesson 3.0: Assessing the System
Lesson 3.1: Let’s Get that ATO!
Lesson 3.2: Monitoring System, Controls and Changes
Brought to you by: Develop your team with the fastest growing catalog in the
cybersecurity industry. Enterprise-grade workforce development
management, advanced training features and detailed skill gap and
competency analytics.
3