Introduction

Part I covers the basics of compliance, including the laws and regulations that mandate systems like the RMF. It discusses the history of certification and accreditation, its evolution into the RMF, and the RMF’s integration into the system development lifecycle (SDLC). It also introduces the Department of Social Media (DSM), the organization used for the exercises in this book.

The mantra of any good security engineer is: “Security is not a product, but a process.” It's more than designing strong cryptography into a system; it's designing the entire system such that all security measures, including cryptography, work together.

— Bruce Schneier
