Udemy
    •  
    •  
    •  
    •  
    •  
    •  
    •  
    •  
Turn what you know into an opportunity and reach millions around the world.
Learn More
Your cart is empty.
Keep shopping
NIST RMF (Risk Management Framework) and ISACA CRISC
Rating: 4.7 out of 5(18 ratings)
147 students

NIST RMF (Risk Management Framework) and ISACA CRISC

Details of both Risk Management Frameworks and how they defer, implementation Best Practices.
Last updated 4/2023
English

What you'll learn

  • Learn about NIST RMF (Risk Management Framework)
  • Risk Management
  • ISACA CRISC
  • Combining both Risk Management Standards to optimise Risk Strategy and Management
  • Cyber Risk and how to use this as a SOC or Security Person

Course content

1 section15 lectures3h 40m total length
  • Introduction4:48

    In this lecture, we introduce both the RMF and CRISC as Risk Frameworks; we then discuss what we will cover in this course that aims to combine those two frameworks and provide more value by discussing the pros and cons as well as how these frameworks are implemented.

  • RMF - Prepare7:16

    The prepare step in RMF is one of the most crucial steps in the framework; here, we collect and use data from our asset management systems and the enterprise risk strategy. These key components provide us with a valuable source of information in which we build our risk management implementation later in the framework.

  • Read the FAQs Document for this lecture.
  • RMF - Categorize15:05

    The Categorize step aims to inform organizational risk management processes and tasks by determining the adverse impact of the loss of confidentiality, integrity, and availability of organizational systems and information to the organization.

  • RMF - Select16:36

    For security control selection, the initial set of baseline controls is based on the impact level of the system as determined by the security categorization process. The organization selects one of three sets of baseline security controls from NIST SP 800-53B [SP 800-53B], corresponding to the system's low-, moderate-, or high-impact rating. After selecting the initial set of baseline security controls, the organization initiates the tailoring process to modify appropriately and more closely align the controls with the specific conditions within the organization (i.e., conditions specific to the system or its environment).

  • Read the FAQs Document for this lecture.
  • RMF - Implement22:38

    This lecture and step in MF deals with the implementation of controls involves establishing new or utilizing existing processes, procedures, products, and services to meet the intent of the controls selected in the RMF Select step.

  • Read and review the FAQs document for this lecture.
  • RMF - Assess18:40

    Security and privacy control assessments verify that selected controls are implemented correctly, operating as expected, and recorded appropriately (e.g., in security and privacy plans). The deficiencies in implementing security and privacy controls should be prioritized by the potential risks they convey to the system, components, and organization.

  • RMF - Authorize10:56

    The purpose of the Authorize step is to provide organizational accountability by requiring a senior management official (authorizing official) to determine if the security and privacy risk (including supply chain risk) to organizational operations and assets, individuals, other organizations, or the Nation is acceptable based on the operation of a system or the use of standard controls.

  • RMF - Monitor14:21

    The ultimate objective of continuous monitoring is to determine if the security and privacy controls in the system continue to be effective over time in light of the inevitable changes that occur in the design and the environment in which the system operates. Continuous monitoring also provides an effective mechanism to update security and privacy plans, assessment reports, and plans of action and milestones.

  • Read and review the FAQs document for this lecture.
  • NIST RMF Implementation Best Practices9:48

    This is a short lecture on some of the best practices of implementing NIST's RMF.

  • ISACA -CRISC Introduction6:50

    This is an introduction to ISACA's CRISC.

  • ISACA-CRISC Domain 1 - Governance13:25

    Governance is the responsibility for safeguarding an organization’s assets. The organization’s board of directors is responsible for governance. The board entrusts the senior management team to manage the organization’s day-to-day operations following the board’s authorized strategic directives.

  • ISACA-CRISC Domain 2 - IT Risk Assessment13:39

    IT risk assessment identifies, analyses, and evaluates IT risks that could affect an organization’s operations, assets, and reputation. It is an essential component of IT risk management and helps organizations make informed decisions about managing their IT risks.

  • ISACA-CRISC Domain 3 - Risk Response & Mitigation17:49

    This domain focuses on identifying strategic measures and choices to improve opportunities and decrease risks while balancing restrictions imposed on the organization. It is divided into risk response, control design and implementation, and risk monitoring and reporting.

  • ISACA-CRISC Domain 4 - Risk Control, Monitoring and Reporting26:06

    Domain 4 of CRISC, Information Technology and Security focuses on verifying IT risk management and information systems control expertise. It deals with how professionals manage a company’s IT risks and controls.

  • Summary and Implementation Best Practices22:28

    This section discusses the differences and pros and cons of CRISC, NIST RMF, and other ERM (Enterprise Risk Management Frameworks). We also review the implementation guidance and best practices to help you decide which EMF is suitable for your organization.

Requirements

  • Be curious to learn about cyber risk management
  • Interested in Risk Management
  • Work in or want to understand how Risk Management can help your organization
  • Get a Job as a SOC Analyst or in Security

Description

This course goes through two different Risk Management Frameworks (RMF and CRISC) and details both framework components, areas, and especially the tasks involved in each area.

This course examines the two risk frameworks' areas, key takeaways, and implementation. In summary, we compared and contrasted each framework and its use.

We conclude the training by looking at other risk management frameworks and reviewing if the CRISC is used since this is one of the certification frameworks rather than an actual risk framework. 

The NIST RMF (Risk Management Framework) and ISACA CRISC (Certified in Risk and Information Systems Control) course is designed to provide a comprehensive understanding of risk management in information security.

The course covers the NIST RMF, a process for managing and mitigating risks to information systems. It includes an overview of the six steps in the NIST RMF process, including categorization, selection, implementation, assessment, authorization, and continuous monitoring. Additionally, the course covers how to implement the NIST RMF in an organization, including how to select appropriate security controls and how to assess the effectiveness of those controls.

The course also covers the ISACA CRISC certification, designed to demonstrate expertise in identifying, assessing, evaluating, and managing information system risks. It includes an overview of the CRISC domains, including IT risk identification, assessment, response, and monitoring. Additionally, the course covers how to prepare for and pass the CRISC exam, including study tips and best practices.

Overall, this course provides a comprehensive understanding of risk management in the context of information security, including both the NIST RMF and ISACA CRISC. It is ideal for information security professionals who want to enhance their knowledge and skills in managing and mitigating risks to information systems.

Who this course is for:

  • People who work in or are interested in Risk Management
  • People who are interested in or work in IT or Security
  • Someone who wants to get a good paying job in Security or Cyber Risk Management
  • People who want to add critical Risk and Cyber Risk Management Skills to their CVs