Solution Library

Risk Management Framework For ISO 27002, COBIT, NIST and ITIL

Question

The National Institute of Standards and Technology (NIST) replaced the former NIST Special Publication 800-37, Guide for the Security Certification and Accreditation of Federal Information Systems with NIST Special Publication 800-37 Revision 1, Guide for Applying Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach. The NIST document changed from a certification and accreditation framework to a risk management framework because information security management systems should be regularly reviewed, updated, and maintained. It makes more sense to follow a security life cycle approach (continuous monitoring) versus a single one-time static certification/accreditation approach.
 
For this task, you will be using NIST Special Publication 800-37 Revision 1, Guide for Applying Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach and the attached “Healthy Body Wellness Center Risk Assessment” case study.

You have been hired to apply the NIST’s risk management framework to the Healthy Body Wellness Center’s information systems. You know that the organization has recently had a risk assessment completed that includes recommendations for implementing security controls and mitigating risks. In your new role, a team of people will be assigned to help you with the task. The first job you are tasked with is creating a to-do list for the specific tasks outlined in each of the six steps in the risk management framework (RMF).
 
Task:

A. Discuss key elements that need to be addressed as part of the risk management framework by completing the attached “RMF To-Do List.”
 
B. Create a white paper that compares the ISO 27002, COBIT, NIST, and ITIL frameworks by doing the following:
1. Discuss how each framework is most commonly used.
2. Analyze the purpose of each framework design.
3. Evaluate the strengths of each framework.
4. Evaluate the weaknesses of each framework.
5. Discuss the certification and accreditation process for the frameworks.
6. Discuss when you would choose to use each framework (e.g., ISO 27002 versus COBIT, NIST, or ITIL).
 
C. When you use sources, include all in-text citations and references in APA format.

Summary

The question belongs to Computer Science and it discusses about the key elements addressing risk management framework for ISO 27002, COBIT, NIST and ITIL frameworks.

Total Word Count 2642

Download Full Solution

Comments

  • HWA
    Rasha

    this is a very good website

  • HWA
    maani

    I have 50 questions for the same test your page is showing only 28

  • HWA
    joeanne

    hi can you please help or guide me to answer my assignments. thanks

  • HWA
    joeanne

    hi can anyone help or guide me to my assignments. thanks

  • HWA
    Monik


  • HWA
    Cristina

    This solution is perfect ...thanks

  • HWA
    Janete

    Hello Allison,I love the 2nd image that you did! I also, had never heard of SumoPaint, is something that I will have to exolpre a bit! I understand completely the 52 (or so) youtube videos that you probably watched. Sometimes they have what you want, sometimes they don't! However, it is always satisfying when you are able to produce something that you have taught yourself. Great job!Debra 0 likes

  • HWA
    Sandeep

    Perfect bank of solution. 

  • HWA
    Oxana

    great !

  • HWA
    Paul Brandon-Fritzius

    thanks for the quick response. the solution looks good. :)

  • HWA
    tina Johnson

    thnx for the answer. it was perfect. just the way i wanted it. 

  • HWA
    Giuseppe

    works fine.