From the course: Implementing the NIST Risk Management Framework
NIST RMF scoping tips, techniques, and perspectives
- [Instructor] Scoping answers the question, what is the focus of this effort? In other words, what are you looking at? Is it a specific operation, system or data? Or is it everything in the enterprise? In applying and assessing security, you want to focus your efforts on a specific target as much as possible to avoid trying to analyze and secure too much. For example, when I'm assessing an organization that takes credit cards, for compliance with the payment card industry data security standards, I only look at their cardholder data environment. The scope is limited to only those systems that process, store, and transmit payment card data or any system that supports it like a computer network. The NIST RMF has similar scoping. When categorizing systems, consider the different types of assets and where they fit in the overall picture. It starts with the organization's IT infrastructure, including networks, computing…