430 W5 DQ1 UG
430 W5 DQ1 RESPONSES CONTINUATION
Please read before replying to responses. 100-150 words.
Response Requirements
Reminder, each response must be a paragraph which is seven sentences. In addition, I am reminding all students not to lose points moving forward, that the responses for participation need to follow the ABC method. Acknowledge what your classmate has said, build on the content (do not just state, I agree with how you said this, or I like how you said that), and close with a question (an open-ended question). You may send me a message in the private forum with any questions. You must have supporting in-text citations and references to support your discussions posts. Blessings with wisdom and academic growth! Cheers, Professor Ligon Blessings and prayers…
B Cody
Hello everyone,
"The Risk Management Framework is a template and guideline used by companies to identify, eliminate and minimize risks. It was originally developed by the National Institute of Standards and Technology to help protect the information systems of the United States government" (Posey, 2021). The Risk Management Framework is simply used periodically to identify and organize risks to an organization. The National Institute of Standards and Technology also created the Cybersecurity Framework. "The Framework integrates industry standards and best practices to help organizations manage their cybersecurity risks" (Swenson, 2022). These are very similar in that they both were created by NIST to help organizations identify, categorize, and to help mitigate risks but they are different in that The Risk Management Framework deals with more overarching risks regarding organizations and the Cybersecurity Framework deals only specifically with cybersecurity threats. I would recommend for an organization to use all of these frameworks since the Cybersecurity Framework would deal with cybersecurity threats and the RMF would cover strategic, legal, operational, and privacy risks.
C Jacob
Good evening Professor Ligon and class,
Risk Management Framework (RMF) is an established set of components (Identification, Measurement and Assessment, Mitigation, Reporting and Monitoring, and Governance) and steps (Prepare, Categorize, Select, Implement, Assess, Authorize, and Monitor) that help companies to identify, eliminate, and minimize risks. These guidelines were originally created by the National Institute of Standards and Technology (NIST) to help protect information systems within the U.S. “Businesses cannot exist without exposing themselves to risks such as IT problems, litigation, and loss of capital” (Posey, 2021). No risk can be totally gotten rid of, there will always be a need for risks. All we can do is mitigate them. This concept benefits businesses by minimizing the risks that are out there which in end lowers the legal spotlight and increases profits.
Cyber Security Framework (CSF) and RMF are often mixed around when IT professionals are discussing them. When RMF was originally created by NIST, its target audience was the federal government. This is still true today, although private organizations have seen the benefits of RMF and have started to incorporate the guideline into their IT plans. CSF has been created for more critical infrastructures, such as transportation or public utilities. CSF is also suitable for an “Organization of any size, degree of cybersecurity risk, or cybersecurity sophistication” (Webb, 2017). CSF has not been created to replace RMF, it is another tool that organizations have at their disposal to deal with risks associated with the IT field.