Towards the end you talked about Risk Assessment, SDLC, and RMF. If an organization is going to implement RMF, which already has some risk assessment (during categorization, and scans), What is the purpose of the Risk Assessment itself. Because many of the steps within the 9 step Risk Assesment process are kind of performed during the categorize step of the RMF. Or, are you saying risk assessment is done to support the Categorize step in RMF steps?
The purpose of conducting risk assessment is to determine the risk to an organization or agency, risk is something that is yet to happen, you are thinking ahead of what will be the impact to your business or agency should there be a security breach.
This is very Helpful
Thank you so much, you are such a great instructor.
Towards the end you talked about Risk Assessment, SDLC, and RMF. If an organization is going to implement RMF, which already has some risk assessment (during categorization, and scans), What is the purpose of the Risk Assessment itself.
Because many of the steps within the 9 step Risk Assesment process are kind of performed during the categorize step of the RMF. Or, are you saying risk assessment is done to support the Categorize step in RMF steps?
The purpose of conducting risk assessment is to determine the risk to an organization or agency, risk is something that is yet to happen, you are thinking ahead of what will be the impact to your business or agency should there be a security breach.
How do I get in contact with you?
Send an email to info@dvineconsult.com