Keywords: assess; authorization to operate; authorization to use; authorizing official; categorize; common control; common control authorization; common control provider; continuous monitoring; control assessor; control baseline; cybersecurity framework profile; hybrid control; information owner or steward; information security; monitor; ongoing authorization; plan of action and milestones; privacy; privacy assessment report; privacy control; privacy plan; privacy risk; risk assessment; risk executive function; risk management; risk management framework; security; security assessment report; security control; security engineering; security plan; security risk; senior agency information security officer; senior agency official for privacy; supply chain risk management; system development life cycle; system owner; system privacy officer; system security officer; system-specific control.

In addition, it establishes responsibility and accountability for the controls implemented within an organization’s information systems and inherited by those systems. Executing the RMF tasks links essential risk management processes at the system level to risk management processes at the organization level. The RMF also promotes near real-time risk management and ongoing information system and common control authorization through the implementation of continuous monitoring processes; provides senior leaders and executives with the necessary information to make efficient, cost-effective, risk management decisions about the systems supporting their missions and business functions; and incorporates security and privacy into the system development life cycle. The RMF includes activities to prepare organizations to execute the framework at appropriate risk management levels.
The RMF provides a disciplined, structured, and flexible process for managing security and privacy risk that includes information security categorization; control selection, implementation, and assessment; system and common control authorizations; and continuous monitoring.

Compared with the other areas, information management in this latter context is more widely concerned with the meaning of information for the information user and with information retrieval issues (Wilson, 2002).

This publication describes the Risk Management Framework (RMF) and provides guidelines for applying the RMF to information systems and organizations.

In the field of librarianship and information science it is identified with the 'emerging market' for information workers (managers), whose perception of information embraces data, organizational intelligence, competitive intelligence, external information resources of all kinds and the associated technology (manual or machine) for handling these different sources. In business or management studies it has similar connotations to technology management, with an emphasis on the relationship of information technology to business performance and competitiveness (Synott 1987 as cited in Wilson, 2002). The purpose of availability is to make the technology infrastructure, the applications and the data available when they are needed for an organizational process. Wilson (2002) notes that the term 'information management' is used ambiguously in the literatures of several fields: in computer science and its applications it is used as a synonym for information technology management (Synott and Gruber 1981) or as identical to 'data management', where the emphasis is on the structures underlying quantitative data and their relationship to the design of databases.