Security Architecture

MIS 5214 - Section 001 - David Lanter
MIS 5214.951 ■ Spring 2023 ■ Jose Gomez
NIST SP 800-100, Chapter 10 “Risk Management”

January 1, 2022 by Jose Gomez 2 Comments

Post your thoughtful analysis about one key point you took from this assigned reading.

Filed Under: 0b - The Threat Environment

Comments

  1. Chenhao Zhang says

    March 1, 2024 at 10:02 am

    NIST SP 800-100, the Risk Management Framework (RMF), provides organizations with a comprehensive, structured approach to managing information security risks. The framework is designed to help organizations identify, assess, mitigate and monitor information security risks to ensure the security and confidentiality of their information systems, data and assets.
    RMF includes the following key steps:
    Category and sub-category determination, security and control objective determination, security control assessment, authorization, monitoring.
    Authorizing maintenance and updating RMFS is an iterative process that requires organizations to constantly evaluate and adjust their security controls. By implementing RMF, organizations can better understand the risks to their information systems and take appropriate measures to manage those risks, thereby protecting the security of their business and data.
    It is important to note that the NIST SP 800-100 “Risk Management Framework” is a directive document that does not mandate organizations to follow a specific methodology or tool. Instead, it provides a flexible framework where organizations can customize and implement risk management strategies according to their needs and circumstances.

  2. Yi Liu says

    March 4, 2024 at 12:45 pm

    1. Risk Management plays a critical role in a successful information security program. It underscores that risk management should not be seen merely as a technical task but as an essential management function integrated into the System Development Life Cycle (SDLC). The risk management process includes risk assessment, risk mitigation, and evaluation and assessment, aligning with federal laws, regulations, and guidelines.
    2. The risk assessment process involves defining risk, identifying and assessing risks to the environment, and is crucial for determining the criticality and sensitivity of systems in terms of confidentiality, integrity, and availability. It includes steps such as system characterization, threat identification, vulnerability identification, risk analysis (combining control analysis, likelihood determination, impact analysis, and risk determination), control recommendations, and documentation of results. This process aims to understand the likelihood of threats exploiting vulnerabilities and the impact of such events, leading to informed decision-making to protect information systems and data.
    3. Risk mitigation focuses on reducing risks to an acceptable level through various strategies like assumption, avoidance, limitation, planning, and transference. It involves prioritizing actions, evaluating control options, conducting cost-benefit analyses, selecting and implementing controls, and considering residual risks.
    4. Evaluation and assessment ensure the ongoing security and risk management of information systems in dynamic IT environments, necessitating continuous monitoring and updates to security controls and risk assessments.

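The risk determination and mitigation steps summarized in the comment above (likelihood determination, impact analysis, risk determination, cost-benefit control selection, residual risk), as an added worked example that is not part of the course page or of NIST's publications. The numeric likelihood and impact scales are assumed from the risk-level matrix in NIST SP 800-30 (2002), Table 3-6; the controls, costs and the sample register entry are constructed.

```python
from dataclasses import dataclass, field

# Scales assumed from NIST SP 800-30 (2002), Table 3-6 risk-level matrix.
LIKELIHOOD = {"low": 0.1, "medium": 0.5, "high": 1.0}
IMPACT = {"low": 10, "medium": 50, "high": 100}


def risk_level(likelihood: str, impact: str) -> tuple[float, str]:
    """Risk determination: combine a likelihood rating with an impact magnitude."""
    score = LIKELIHOOD[likelihood.lower()] * IMPACT[impact.lower()]
    if score > 50:
        return score, "high"
    if score > 10:
        return score, "medium"
    return score, "low"


@dataclass
class Control:
    name: str
    cost: float
    new_likelihood: str  # likelihood rating once the control is in place


@dataclass
class Risk:
    threat: str
    vulnerability: str
    likelihood: str
    impact: str
    options: list[Control] = field(default_factory=list)


def evaluate(risk: Risk, budget: float) -> dict:
    """Risk mitigation (limitation strategy): choose the cheapest affordable control
    that brings residual risk below 'high'. If none qualifies, the risk must be
    accepted (assumption), avoided, or transferred instead."""
    inherent_score, inherent = risk_level(risk.likelihood, risk.impact)
    chosen = None
    for c in sorted(risk.options, key=lambda c: c.cost):
        if c.cost > budget:
            continue  # cost-benefit: control exceeds the available budget
        residual_score, residual = risk_level(c.new_likelihood, risk.impact)
        if residual != "high":
            chosen = (c.name, residual_score, residual)
            break
    return {"inherent": inherent, "inherent_score": inherent_score, "control": chosen}


# Constructed sample register entry (hypothetical values, not from the page).
SAMPLE = Risk("external attacker", "unpatched remote-access service", "high", "high",
              [Control("patch + MFA", 5000, "low"), Control("IDS only", 2000, "medium")])
```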
