ipl-logo

Dod Components Of The Risk Management Framework

1994 Words8 Pages

Found within the core of every security program is the data requiring protection. The safeguards set in place allows organizational decision makers to continue their day to day routine, without reacting to information breaches on a day-to-day basis. In 2014 the Department of Defense (DoD) adopted the Risk Management Framework (RMF) to mitigate the risk found throughout the three branches of military service. The primary reason behind such a decision was simply to: implement a multi-tiered cybersecurity risk management process to protect U.S. interests, DoD operational capabilities, and DoD individuals, organizations, and assets from the DoD Information Enterprise level, through the DoD Component level, down to the IS level as described in …show more content…

Without protections in place, the data may easily find its way to the hand and eyes of hostile factions. However, through the guidance of the RMF, leaders at every level are in better position to find data pitfalls, and help secure our vital information, whether the information is a soldier’s personal identifiable information, or the battle plans for an upcoming major engagement. Throughout the course of this paper, we will identity the components of the SP 800-39. We will also identify how commanders are unknowingly equipped with the ability to implements these elements without requiring a background in information security. Without a strong foundation, the organization as a whole would find itself in a constant state of reaction. However, when the security professionals located at the strategic level are able to identify security risks and communicate the requirement to mitigate these risk the foundation becomes more secure.
Risk Management …show more content…

Overall, the footing for the risk management program is laid during the framing process. When exercising the risk management strategy of NIST SP 800-39, the organization itself must determine the overall approach, and the overall tolerance the organization is willing to accept. During framing, the leadership sets the direction for the organization in an effort to achieve the objectives laid out within the organization’s business plan. To place framing into context, the leadership determines its security strategy before moving forward. To effectively frame the risk management strategy, the organizational leadership is required to identify the methodology used to implement security controls. Secondly, the leadership must determine their risk tolerance level, and identify their constraints as the organization moves forward to determine the strategy required to implement risk

Show More
Related

Battle Of Wanat Case Study

1542 Words | 7 Pages

On July 30, 2008, a bloody battle involving Coalition forces took place in the mountainous eastern Afghan province of Nuristan. This was the Battle of Wanat and the devastating amount of Coalition casualties began a vigorous investigation by the United States Army. The village of Wanat, defended by Second Platoon, Chosen Company, Second Battalion, 503rd Infantry Regiment, 173rd Airborne Brigade Combat Team would fall victim to numerous bad decision made by higher command. Although the men of Chosen Company fought hard, they ended up surrounded, vastly outnumbered, and without any Battalion assets. This paper will argue the reasons for the disastrous outcome of the Battle of Wanat; examining the effective company leadership exploiting effective

Read More

Principles Of Mission Command: Operation Anaconda

1069 Words | 5 Pages

The mission's success is due to the troops' enhanced ability to socialize, trust one another, and take disciplined initiative. In other cases, however, the principles were only partially applied, resulting in chaos, anarchy, and competing goals. General Hagenbeck's leadership and judgment were crucial References Barabash, V., Kotelenets, E., & Lavrentyeva, M. (2019). The definition case of information warfare term: Waging wars or disseminating propaganda? Proceedings of the International Conference on Man-Power-Law-Governance: Interdisciplinary Approaches (MPLG-IA 2019).

Read More

Acct 391 Unit 1 Business Security And The Future

1670 Words | 7 Pages

Marques Underwood INSS 391 Security and the Future With the transition of companies leaning towards advancing through the usage of big data, cybersecurity and the trends in technology are creating an increase in threats. The goal is to protect the databases and devices used at these companies before they are hacked and compromised for unwanted reasons. We’ll see the general concerns with security in the IT field, and steps that specific companies are taking to prevent and adopt to the landscape of the future in security. Devices are increasing at a rapid pace these days, meaning the more data is being expanding.

Read More

Army Warrant Officer Candidate

329 Words | 2 Pages

With the demands and high tempo of standing up the new cyber field, the U.S. Army will not only require technical experts, but strong proven leaders to mentor and guide the next generation of cyber professionals. I firmly believe that SSG Worley has shown that he is more than capable of being such a leader. As a result, I am pleased to recommend SSG Worley for the Warrant Officer Candidate Program and the 170A Cyber Operations

Read More

The Dodd-Frank Act

2268 Words | 10 Pages

FISMA act gives a great importance to risk based rules that helps in defining cost-effective security solutions to the organization. FISMA standard should be executed with the help of senior security officials, chief information security officers and security director who can help to conduct different annual reviews of the organization`s information security program and produce the report in front of management about its findings. The management will use this data in order to identify different security loopholes and apply the proper security measures in order to make the organization security compliant. It`s

Read More

General Dempsey's 2012 Mission Command White Paper

189 Words | 1 Pages

The Army has many institutional facilities and training environments that allow commanders to establish a dialogue and visualize their subordinates performing their mission essential tasks to a level of proficiency. However, trust is not a task built

Read More

Purple Dragon Team Mission (OPSEC)

663 Words | 3 Pages

OPSEC was originally developed during the Vietnam War under the command of Admiral Ulyssess Sharp. The “Purple Dragon” team mission was to determine how the enemy was could gather information on military operations. The data the team got, lead them to the conclusion that the United States military needed to alter tactics and procedures of handling classified information and military in order to reduce an enemy 's ability to make predictions based on the knowledge gained. After the war OPSEC was formally established as a national program when President Ronald Regan signed the National Security Decision Directive Number 298 in 1988. The program was created and implemented as a result of the Purple Dragon team’s notable efforts in the Vietnam War.

Read More

Leaving Google In Gagnet Nation Summary

484 Words | 2 Pages

All the tools we have are awful’” (147). That is the problem with digital security. The average stereotypical lazy American does not want to be inconvenienced, which is why the government can access almost anything we put online. Our online lives are like an elementary school girl’s diary that doesn’t have a key and is hidden under her pillow, which is not secretive at all.

Read More

Criminal Force Assignment

1038 Words | 5 Pages

Myself and all members of the M.A.P.P.S/SPU are fully aware of the importance of information security, given our access to this material. Additionally, with regards to dealing with information security, I have also been the system manager of two distinct and complex data systems. The first being the Voice-box wiretap system. My duties as a member of the Electronic Surveillance Unit consisted of, direct handling of Computer Data Warrants, provisioning of court ordered wiretaps for various NJSP and outside agencies, assisting in the installation of hidden surveillance equipment, and administrating the Voice-box wiretap data system which contained thousands of confidential recordings from hundreds of

Read More

Target Risk Management Case Study

908 Words | 4 Pages

The risk management process establishes the methodology for risk enterprises framework for the of many businesses (Fraser & Simkins, 2010). A retail business such as Target needs to do a risk assessment to establish the types of risks being faced by the organization. The risk assessment process starts with the identification and categorization of risk factors. High customer interaction of the retail businesses like Target, need to identify risk as a continuous basis effort over the lifetime of the business (Mandru, 2016). It important that the business leaders, set goals and priorities for the risk management system.

Read More

Homeland Security Definition

1093 Words | 5 Pages

These partnerships create an environment to share critical threat information, risk mitigation, and other vital information and resources” (DHS, n.d.). This is, in my opinion the best way to combat these vulnerabilities. It is essential that these private companies work with the DHS and allow them to conduct vulnerability assessments. Without the use of these assessments, then a company may not know where it stands. And with the growing threat of cyber-attacks, it is essential that our infrastructure be protected.

Read More

COBIT V4.1 Framework

993 Words | 4 Pages

Implement a policy where employees must adjust their passwords every sixty days and that they must set a screen lock out when they step away from their workstation 4. True or false: COBIT P09 risk management control objectives focus on assessment and management of IT risk. True 5. What is the name of the organization that defined the COBIT P09 Risk Management Framework?

Read More

The Pros And Cons Of Genetic Testing

1051 Words | 5 Pages

Introduction to Genetic Testing: Currently, genetic testing is a voluntary test. It is taken to identify the presence of a gene that causes disease or to identify mutations that can lead to a disease. Chromosomes, proteins, and genes are tested through several different methods, including molecular, chromosomal, and biochemical methods. Some have argued that it should be required for all babies.

Read More

What Is The Pcnet Project Case Study

674 Words | 3 Pages

After reading the case study of the PCNet Project, we will examine how critical success factors apply to the case study. The first area is setting clear objectives for risk management. With this factor we set strategic, financial, operational, and other objectives during the strategic and annual planning processes and throughout the year for a company. With these objectives we need to ensure that there is the process of identifying risks to our objectives, evaluating the impact of those risks and choosing a response. Some of the actions the company needs to be ready to respond to are avoidance, mitigation, or acceptance.

Read More

IT Infrastructure Audit Case Study

2512 Words | 11 Pages

The first step that the auditor should take is to gather as much information about any security procedures and policies that may have been in use following the information collected from the records available. Since each policy may have a different aspect that it works on, the findings from the audit may present evidence that may be vital in identifying the existing procedures or the absence of any policies or procedures. The existence of policies and procedures enables a company to reduce the occurrence or the impacts of a given risk. The lack of such policies may lead to reduced risk management

Read More

More about Dod Components Of The Risk Management Framework

Related Topics

Open Document