Last week I was happy to participate in a webinar with my colleague Steve Horvath, vice president of strategy and vision at Telos Corporation, where we discussed the revised NIST Risk Management Framework and how it can help define the elements of a risk management program, while aligning the security program with the organizational mission. The session was called: Step 0: Are you ‘Prepared’ for RMF 2.0?
My goal for the session was to answer this question: What does the addition of the Prepare step mean to us as security and/or compliance practitioners? Does it mean that NIST is adding a new requirement on top of what can already be an overwhelming, resource-draining process? In my opinion, the answer is no.
As I mentioned in a recent blog post, the intent of the Prepare step has been around since the dawn of system security standards and practices. That intent is that we need to add organizational context to our plans for building and maintaining systems, so that the resources we apply are proportionate to organizational risk and impact.
Steve and I get into much more detail in the session, so I invite you to watch the on-demand version of Step 0: Are you ‘Prepared’ for RMF 2.0?, and please consider sharing it with your colleagues.
The Empower and Protect Blog brings you cybersecurity and information technology insights from top industry experts at Telos.