EP 80: Risk Management Framework with Drew Church
https://www.yourcyberpath.com/80/
\n\nIn this episode, Kip and Jason, along with special guest Drew Church, take a closer look at the NIST risk management framework to help facilitate selecting the right kind of security for your system and help clarify how to direct resources towards the right controls.
\n\nDrew Church, RMF expert and global security strategist at Splunk, is here to talk about the different steps of RMF, the importance of preparation work, and understanding the bigger picture of what you want your system to accomplish.
\n\nThey also go through the seven steps of RMF in detail: prepare, categorize, select, implement, assess, authorize, and monitor, highlighting the best procedures and ways of going about completing each step, as RMF is highly structured. They also call attention to soft skills and how invaluable they are throughout your cybersecurity career.
\n\nDrew and Jason also explain different terms, including STIGS, DIKW pyramid, and POAM, and their importance while developing the RMF.
\n\nFinally, they go over various tips and tricks to make sure you are ready for your assessment, like knowing what your system is going to be graded on and maybe also testing beforehand, as well as having in mind that the assessors are not going to be experts in your system.\xa0
\n\nWhat You\u2019ll Learn
\n\n\u25cf\xa0\xa0\xa0\xa0\xa0What is RMF (and what it\u2019s not)?
\n\n\u25cf\xa0\xa0\xa0\xa0\xa0Are RMF and CSF the same?
\n\n\u25cf\xa0\xa0\xa0\xa0\xa0What are the seven steps of the RMF?
\n\n\u25cf\xa0\xa0\xa0\xa0 How important is the DIKW pyramid in RMF?
\n\n\u25cf\xa0\xa0\xa0\xa0 What is the secret to success of system assessments against RMF controls?
\n\nRelevant Websites For This Episode
\n\n\u25cf\xa0\xa0\xa0\xa0\xa0www.YourCyberPath.com
\n\n\u25cf\xa0\xa0\xa0\xa0\xa0www.nist.gov
\n\n\u25cf\xa0 \xa0www.splunk.com
\n\nOther Relevant Episodes
\n\n\u25cf\xa0\xa0\xa0 \xa0Episode 62 - The NIST Cybersecurity Framework
\n\n\u25cf \xa0\xa0\xa0\xa0Episode 56 - Cybersecurity Careers in the Defense Sector
\n\n\u25cf\xa0 \xa0\xa0Episode 22 - Impress Us with Your Resume Skills Section