WEEK5 DQ1
430 wk 5 dq1. 100-150 words
Briefly describe the purpose and application of the Risk Management Framework. How does this differ from the Cyber Security Framework? Which would you recommend and why?
REPLIES 75-100 WORDS
A Olatunbosun Osifowode
Risk Management Framework is a highly structured framework or process that is used to identify potential threats or risks to an organization. It also includes developing strategies to mitigate or avoid such risks. These risks are also monitored and the strategies evaluated regularly to ensure seamless performance of the organization. The main purpose of risk management framework is to provide adequate guidance for managing the risks efficiently in order to achieve the organizational goals, protect the employees and assets from any harm and avoid financial loss. Risk management should be integrated with the corporate strategic planning and processes to avoid risks at all levels. This is because potential risks are identified and eliminated (or minimized) to ensure the organizational objectives are achieved.
B Nicholas Laughlin
Risk Management Framework (RMF) is a template and guidelines used by companies to identify, eliminate, and minimize risk. Cyber Security Framework is a set of documents describing guidelines, standards, and best practices designed for cyber security risk management. They differ by RMF is strictly for the government and not really used with any other organization. The cyber security framework is used for any other organization/company that is not working with the government to look after the organization and protect all the assets that retain for the organization.
C Olatunbosun Osifowode replied toNicholas Laughlin
Hello Nicholas,
You had a great post explaining RMF. I can resonate with the way you made it clear. Risk management framework vs Cyber Security Framework- CSF is primarily used in private sectors that supports the infrastructure such as public transportation. RMF is used mainly in public sector (government) and rarely used in private companies; CSF can be used in any industry regardless of the size, level of cybersecurity required, etc. RMF is used for the federal government; CSF can be used to support RMF, however CSF is just an aspect of RMF. It is not a replacement for RMF.