This set of flashcards covers key vocabulary terms and definitions related to the Risk Management Framework and security categorization discussed in the lecture notes.
Categorization
The process of classifying information and information systems based on their sensitivity and importance.
High Water Mark
The highest potential impact value assigned to each security objective for all security categories resident on an information system.
Sensitivity
A measure of the importance assigned to information that denotes its need for protection.
Criticality
A measure of the degree to which an organization depends on information for the success of a mission or business function.
Risk Management Framework (RMF)
A structured process to manage cybersecurity risk by implementing security controls through categorization, selection, implementation, assessment, authorization, and monitoring.
NIST SP 800-37
A publication that provides guidelines for applying the Risk Management Framework to federal information systems.
FIPS-199
Standards for Security Categorization of Federal Information and Information Systems used to determine the categorization of information types.
Potential Impact Levels
Levels used to describe the potential consequences of losing confidentiality, integrity, or availability of information.
System Security Plan (SSP)
A comprehensive document that outlines the security controls, roles, and responsibilities associated with an information system.
Continuous Monitoring Strategy
An ongoing process to ensure that the security controls remain effective over time.
Documentation
The process of formally recording all aspects of categorization, security controls, and risk assessments.