Video Description

In this lesson, Subject Matter Expert (SME) Kelly Handerhan discusses the importance of the following documents in understanding and using the Risk Management Framework:

- FIPS-199 and its standards for security categorization (low, moderate, and high impact levels, and the application of the high water mark in assessing risk)
- FIPS-200 and its minimum security requirements for the categories defined for federal information and information systems (definition of 17 security-related categories, plus an additional one used in RMF, and implementation of customized minimum baselines for security controls)
- NIST SP 800-30, Rev. 1, a guide for conducting risk assessments
- NIST SP 800-39, managing information security risk

In this lesson you will learn:

- the three levels of impact of security breaches
- how to determine an information security system category based on specific criteria
- how to implement the minimum baseline of security controls
- integration of security controls and an organization's goals
- the three-step risk assessment process in the context of four risk factors
- types of risk assessments
- how to manage information security risk
- making risk management user friendly

The discussion of the important RMF documents continues in Lesson 3.