RISK MANAGEMENT FRAMEWORK RMF

The Risk Management Framework (NIST Special Publication 800-37). ... The Risk Management Framework(RMF), illustrated at right, provides a disciplined and structured process that integrates information security and risk management activities into the system development life cycle.

The selection and specification of security controls for a system is accomplished as part of an organization-wide information security program that involves the management of organizational risk---that is, the risk to the organization or to individuals associated with the operation of a system. The management of organizational risk is a key element in the organization's information security program and provides an effective framework for selecting the appropriate security controls for an system---the security controls necessary to protect individuals and the operations and assets of the organization.

OSI MODEL

“Short for Open System Interconnection, an ISO standard for worldwide communications that defines a networking framework for implementing protocols in seven layers.”1 The parts worth noting here are that the model is an ISO standard that affects the way the IT industry should design computer networking protocols. Some people like to think of protocols as languages and these languages make communications with similar devices possible. If everyone is playing to the same set of rules then it is much easier to make the jigsaw fit together. 

You do not have Permission to view this Post

You do not have Permission to view this Post