CHAPTER TWO
THE FUNDAMENTALS
HOW TO MANAGE SECURITY AND PRIVACY RISK
This chapter describes the basic concepts associated with managing information system-related security and privacy risk in organizations. These concepts include the RMF steps and task structure; information security and privacy programs in the RMF; information system, system elements, and how authorization boundaries are established; security and privacy posture; and security and privacy risk management practices associated with the supply chain.
Table of contents
- 2.1 ORGANIZATION-WIDE RISK MANAGEMENT
- 2.2 RISK MANAGEMENT FRAMEWORK STEPS AND STRUCTURE
- 2.3 INFORMATION SECURITY AND PRIVACY IN THE RMF
- 2.4 SYSTEM AND SYSTEM ELEMENTS
- 2.5 AUTHORIZATION BOUNDARIES
- 2.6 REQUIREMENTS AND CONTROLS
- 2.7 SECURITY AND PRIVACY POSTURE
- 2.8 SUPPLY CHAIN RISK MANAGEMENT