Abstract

Many aspects of cyberspace are abstract and complex, which is why cybersecurity risk management requires a much different approach to understanding and evaluating risk. Given the skill and sophistication of the many malicious agents in operation, it is critically important to implement comprehensive, organization-wide protection, since any system with an exploitable hole is a potential hazard. Many organizations are required to document that they have considered the risks to their assets and have control measures in place to protect against them. The NIST Risk Management Framework (RMF) was designed to offer a structured yet flexible means of analyzing the risks that arise from an organization's information systems and deciding how to alleviate them. This paper discusses the merits of using the RMF as a guideline of best practices for managers who want a substantive risk management capability but do not know how to go about implementing it.
