EP 80: Risk Management Framework with Drew Church

https://www.yourcyberpath.com/80/

In this episode, Kip and Jason, along with special guest Drew Church, take a closer look at the NIST risk management framework to help facilitate selecting the right kind of security for your system and help clarify how to direct resources towards the right controls.

Drew Church, RMF expert and global security strategist at Splunk, is here to talk about the different steps of RMF, the importance of preparation work, and understanding the bigger picture of what you want your system to accomplish.

They also go through the seven steps of RMF in detail: prepare, categorize, select, implement, assess, authorize, and monitor, highlighting the best procedures and ways of going about completing each step, as RMF is highly structured. They also call attention to soft skills and how invaluable they are throughout your cybersecurity career.

Drew and Jason also explain different terms, including STIGS, DIKW pyramid, and POAM, and their importance while developing the RMF.

Finally, they go over various tips and tricks to make sure you are ready for your assessment, like knowing what your system is going to be graded on and maybe also testing beforehand, as well as having in mind that the assessors are not going to be experts in your system. 

What You’ll Learn

●     What is RMF (and what it’s not)?

●     Are RMF and CSF the same?

●     What are the seven steps of the RMF?

●     How important is the DIKW pyramid in RMF?

●     What is the secret to success of system assessments against RMF controls?

Relevant Websites For This Episode

●     www.YourCyberPath.com

●     www.nist.gov

●   www.splunk.com

Other Relevant Episodes

●     Episode 62 - The NIST Cybersecurity Framework

●     Episode 56 - Cybersecurity Careers in the Defense Sector

●    Episode 22 - Impress Us with Your Resume Skills Section