Dod Components Of The Risk Management Framework

1994 Words8 Pages

Found within the core of every security program is the data requiring protection. The safeguards set in place allows organizational decision makers to continue their day to day routine, without reacting to information breaches on a day-to-day basis. In 2014 the Department of Defense (DoD) adopted the Risk Management Framework (RMF) to mitigate the risk found throughout the three branches of military service. The primary reason behind such a decision was simply to: implement a multi-tiered cybersecurity risk management process to protect U.S. interests, DoD operational capabilities, and DoD individuals, organizations, and assets from the DoD Information Enterprise level, through the DoD Component level, down to the IS level as described in …show more content…

Without protections in place, the data may easily find its way to the hand and eyes of hostile factions. However, through the guidance of the RMF, leaders at every level are in better position to find data pitfalls, and help secure our vital information, whether the information is a soldier’s personal identifiable information, or the battle plans for an upcoming major engagement. Throughout the course of this paper, we will identity the components of the SP 800-39. We will also identify how commanders are unknowingly equipped with the ability to implements these elements without requiring a background in information security. Without a strong foundation, the organization as a whole would find itself in a constant state of reaction. However, when the security professionals located at the strategic level are able to identify security risks and communicate the requirement to mitigate these risk the foundation becomes more secure.
Risk Management …show more content…

Overall, the footing for the risk management program is laid during the framing process. When exercising the risk management strategy of NIST SP 800-39, the organization itself must determine the overall approach, and the overall tolerance the organization is willing to accept. During framing, the leadership sets the direction for the organization in an effort to achieve the objectives laid out within the organization’s business plan. To place framing into context, the leadership determines its security strategy before moving forward. To effectively frame the risk management strategy, the organizational leadership is required to identify the methodology used to implement security controls. Secondly, the leadership must determine their risk tolerance level, and identify their constraints as the organization moves forward to determine the strategy required to implement risk

More about Dod Components Of The Risk Management Framework