- Title
Risk Management Framework (RMF) and the Implementation Challenges.
- Authors
Amaghionyeodiwe, Lloyd Ahamefule
- Abstract
Recently, there has been a shift in the risk management process of the federal government and its agencies. The shift is the transition from the Information Assurance Certification and Accreditation (C&A) to the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF). This was also a shift from a compliance-based approach to a risk-managed approach to cybersecurity. However, as with any major change, this shift does not come without some resistance and implementation challenges. This paper examines the new risk management framework (RMF) and the implementation challenges. Among the observed implementation challenges are those related to solid governance as well as a culture that promotes communication, trust, thinking, and informed risk taking. Other challenges include the lack of top management support and the need for cybersecurity proficiency and training. Based on these, this study suggests the need for security personnel to be adequately trained and educated in the use of the RMF. Also, organizations should have an avenue where they can share their various experiences about the applicability and usage of the security mitigations (and security controls). This will help improve the understanding of how to use and what to expect from the implementation of the RMF.
- Subjects
NATIONAL Institute of Standards & Technology (U.S.); INFORMATION assurance; INTERNET security; RISK management information systems; INFORMATION storage & retrieval systems
- Publication
Proceedings of the Northeast Business & Economics Association, 2017, p11
- ISSN
1936-203X
- Publication type
Article