You have the option of using a fictional case study scenario for the class exercises in this course. In this video, learn about the case study company and the role of a security consultant hired to assist the company in implementing the NIST RMF.
- To help you learn the NIST RMF, we provide a case study scenario. While it's fictionalized, it's based on a number of real-life typical companies. Red30 Tech AEC (Architecture, Engineering, and Construction) provides computer-aided design, architecture, construction program management, and engineering services. Their clients include data management companies, utilities, educational institutions, and agencies throughout the US. The main office is in Reston, Virginia, which houses 100 of the 350 total employees. They also have other offices in Chicago, Illinois; Austin, Texas; San Jose, California; and Seattle, Washington. Red30 Tech's clients have asked that they demonstrate compliance with the NIST risk management and cybersecurity frameworks. They're not familiar with 'em, so their management hired you as a security consultant to lead the project and establish the NIST RMF and CSF as a core part of their business. Your mission, should you choose to accept it, is to read the case study for details of the company's technology infrastructure, operations, and known risks. In the case study document provided with this course, you'll read numerous details about Red30 Tech. Use those as you're working through the different functions and phases of the NIST RMF. Practice with this case study as if you're an actual cybersecurity consultant evaluating their security and privacy controls. You can use the NIST RMF process with either Red30 AEC or your own company as you learn about it throughout this course to evaluate security and privacy capabilities. You can record your observations on the provided template worksheets and make recommendations as if you're working for Red30 AEC. This is exactly what I do as a cybersecurity consultant. Have fun with it.