INFOSEC Governance and Regulation
NIST – IDENTIFY: Categories and Subcategories
Views: 11Asset Management (ID.AM): The data, personnel, devices, systems, and facilities that enable the organization to achieve business purposes are identified and managed consistent with their relative importance to business objectives and the organization’s risk strategy.
NIST Cybersecurity Framework v1.1: Fundamentals
Views: 26NIST Functions Framework Core The Core consists of three parts: Functions, Categories, and Subcategories. The Core includes five high level functions: Identify, Protect, Detect, Respond, and Recover. These 5 functions are not only applicable to cybersecurity risk management, but also to risk management at large. The next level down is the 23 Categories that are split … Read more
Risk Assessment Methodologies
Views: 8Risk Management Frameworks There are several frameworks for risk assessment. Example methodologies are: NIST SP 800-30 Based on NIST SP 800-30, the risk management process entails four steps: Frame Risk
Risk Management – Terminology
Views: 8Risk Avoidance Risk Acceptance Risk Reduction Basic Terminology Threat A threat is a potential harm or danger to an individual, organisation, or system. Threats can be classified into three main categories: human-made, technical, or natural. Human-made threats: These threats are caused by human activities or interventions. Examples include: As can be seen, human-made threats are not limited to … Read more