Implementing the NIST Risk Management Framework
1h 42mIntermediate2024-10-28
Authors

Ronald Woerner
Professor, Cybersecurity Expert
Course details
As the industry standard, the U.S. National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) process provides a simple way for organizations to categorize and effectively manage their security and privacy programs throughout the system management lifecycle. In this course, Ron Woerner—a noted speaker and writer in the security industry—shows you how organizations of all types and sizes can manage their security and privacy risks. Learn about each step in detail, go over a sample case study, and consider how to practice implementation in your own organization. Explore challenges and solutions to gain real-world experience with the process. Plus, gain hands-on experience with the related NIST Special Publications. By the end of this course, you will be well-versed in the NIST RMF, how to implement it, and how to manage each step for your own organization.
Learning objectives
Assess techniques for implementing the NIST Risk Management Framework in various organizational contexts.
Adapt methods for identifying, managing, and mitigating compliance risks for a sample or real-world organization, considering its specific requirements and constraints.
Interpret case studies showcasing how sample organizations successfully solved common security problems by applying the NIST Risk Management Framework.
Evaluate relevant publications, procedures, and tools for effectively implementing the NIST Risk Management Framework's Seven Steps within an organization.
Choose and recommend best practices for conducting comprehensive NIST Risk Management Framework assessments tailored to organizations of diverse sizes, structures, and industry sectors.
Learning objectives
Assess techniques for implementing the NIST Risk Management Framework in various organizational contexts.
Adapt methods for identifying, managing, and mitigating compliance risks for a sample or real-world organization, considering its specific requirements and constraints.
Interpret case studies showcasing how sample organizations successfully solved common security problems by applying the NIST Risk Management Framework.
Evaluate relevant publications, procedures, and tools for effectively implementing the NIST Risk Management Framework's Seven Steps within an organization.
Choose and recommend best practices for conducting comprehensive NIST Risk Management Framework assessments tailored to organizations of diverse sizes, structures, and industry sectors.
Skills covered
Vulnerability ManagementGovernance, Risk, and ComplianceCybersecurityOne-Off
Concepts
0. Introduction
- 01 - Managing risks using a standard framework
1. NIST RMF Preparation
- 02 - Preparing for a NIST Risk Management Framework (RMF) assessment
- 03 - Taking a risk-based approach for security
- 04 - NIST RMF Prepare step
- 05 - NIST RMF Resources
2. Categorizing Systems
- 06 - Determining in-scope systems
- 07 - Identifying and inventorying information systems and data
- 08 - System Categorization Process
- 09 - Using a Business Impact Assessment for system categorization
- 10 - Categorization terms and resources
3. Control Selection and Implementation
- 11 - Selecting security and privacy controls
- 12 - Security controls
- 13 - Security control baselines
- 14 - Security control implementation
4. Assessing Controls
- 15 - Establishing NIST RMF assessment goals
- 16 - NIST RMF assessment steps
- 17 - Documenting risk assessment results
5. Authorizing Systems
- 18 - Authorize - Risk analysis
- 19 - NIST Authorization process
6. Monitor
- 20 - Establishing monitoring goals
- 21 - Scenario - Continuous monitoring examples
- 22 - Continuous monitoring strategy
Conclusion
- 23 - Best practices in implementing the NIST RMF
Related courses
- Implementing the NIST Risk Management Framework (2020)
- Understanding and Implementing the NIST AI Risk Management Framework (RMF)
- AKYLADE Cyber Risk Management Practitioner RMP-001 (A/CRMP) Cert Prep
- The AI Equity Imperative: Building a More Inclusive Future with AI
- Cybersecurity Foundations: Governance, Risk, and Compliance (GRC)
- Implementing the NIST Privacy Framework
- Complete Guide to Enterprise Cyber Defense
- Cyber Asset Management: Securing Digital Resources in the Modern Enterprise
Related learn paths
- Understanding Generative AI for Tech Leaders
- Become an IT Security Specialist
- Cybersecurity Fundamentals
- Advance your Skills as a PHP Developer: Working with Data
- Become a RESTful API Developer
- Getting Started as a Customer Support Specialist
- Prepare for the Google Associate Android Developer Certification
- Prepare for the CompTIA Security+ (SY0-601) Certification Exam