What this book covers

Chapter 1, Understanding Cybersecurity and Risk Management

What good is building a house without a foundation? In this case, our foundation is cybersecurity and risk management. This chapter will kick things off, getting us on the right foot so we can move forward on the same level together.

Chapter 2, NIST Risk Management Framework Overview

NIST is a cool organization – no, really! They are! Before we dive into the framework, let’s talk about where it came from. The main topics we touch on here are the history of the NIST RMF, the stages and crucial components, and finally, the roles and responsibilities of the team that will utilize it in your organization.

Chapter 3, Benefits of Implementing the NIST Risk Management Framework

It’s useless to do something and truly own it if you don’t even know why you’re doing it, right? This chapter aims to solve just that. Covering the advantages of adopting the NIST RMF, some regulatory considerations, as well as the whole purpose for doing this in the first place (risk reduction!), we’ll start to dive into this topic together and have some fun.

Chapter 4, Preparing for RMF Implementation

How can you do something if you don’t prepare first? One might call that “winging it,” and in the context of risk management, it’s not something I really recommend. This chapter will discuss how to put your team together, set goals, create a strategy, and start implementing the framework.

Chapter 5, The NIST RMF Life Cycle

Here, we take an in-depth look at the stages of the framework – Prepare, Categorize, Select, Implement, Assess, Authorize, and Monitor. You, the reader, will understand how the RMF is laid out and the importance of each step, with clear breakdowns.

Chapter 6, Security Controls and Documentation

This chapter gets into the so-called meat and potatoes of every governance, risk and compliance (GRC) person’s life – the controls themselves, and just as important, the documentation of those controls. This chapter discusses the importance of controls, not just for security’s sake but also from the perspective of business enablement. We will also discuss documentation and automation as keys to truly making your life easier.

Chapter 7, Assessment and Authorization

Moving on, we set out to equip you with the skills to conduct a security assessment (or even more than one), navigate the assessment and authorization process, and prep for the inevitable audits. Fear not the auditor – they’re here to help (we hope).

Chapter 8, Continuous Monitoring and Incident Response

Despite all of the controls in the world you may have implemented, the human factor will still play a role. Eventually, you may find yourself conducting incident response. But how can you do that without a solid plan? In this chapter, we’ll discuss how to develop an incident response plan and how to use it. We’ll also touch on verifying your controls with continuous monitoring.

Chapter 9, Cloud Security and the NIST RMF

We’d be remiss if we didn’t talk about the revolution that has been the cloud and the unique ways that risk can rear its head here. We’ll discuss how we might adapt the NIST RMF for cloud environments and some challenges (and solutions), and even have a brief chat about compliance.

Chapter 10, NIST RMF Case Studies and Future Trends

What good is learning about a framework unless you can also learn from others’ experiences? Sometimes the best way to do something is to follow in the footsteps of those who’ve come before you. In this chapter, we’ll do just that.

Chapter 11, A Look Ahead

As we draw to a close, we’ll reflect on the journey we’ve taken, discussing lifelong learning and the role of all of us as cybersecurity leaders in excellence.