![Sample our Information Science journals, sign in here to start your FREE access for 14 days]({"type":"image" , "src" : "/sda/5940/TOC-Subject-Sample-2021-Communication-Studies.jpg"})
Abstract
Many aspects of cyberspace are abstract and complex, which is why risk management for cybersecurity requires a much different approach to the understanding and evaluation of risk. Given the level of skill and sophistication of the large collection of malicious agents out there, it is critically important to implement comprehensive organization-wide protection since any system with an exploitable hole is a potential hazard. Many organizations are required to document that they have considered the risks to their assets and have control measures in place to protect against them. The NIST-Risk Management Framework (RMF) was designed to offer a structured, yet flexible means for analyzing and deciding how to alleviate the risks that arise from the information systems within an organization. This paper discusses the merits of using the RMF as a guideline of best practices for managers who want to have substantive risk management capability but do not know how to go about implementing it.
Additional information
Notes on contributors
Anne Kohnke
Anne Kohnke, PhD, is an assistant professor of IT at Lawrence Technological University and teaches courses in both the information technology and organization development/change management disciplines at the bachelor through doctorate levels. Anne started as an adjunct professor in 2002 and joined the faculty full-time in 2011. Her research focus is in the areas of cybersecurity, risk management, and IT governance. Anne started her IT career in the mid-1980s on a help desk, and over the years developed technical proficiency as a database administrator, network administrator, systems analyst, and technical project manager. After a decade, Anne was promoted to management and worked as an IT Director, Vice President of IT and Chief Information Security Officer (CISO). Anne earned her PhD from Benedictine University.
Ken Sigler
Ken Sigler is a faculty member of the Computer Information Systems (CIS) program at the Auburn Hills campus of Oakland Community College in Michigan. His primary research is in the areas of software management, software assurance, and cloud computing. He developed the college’s CIS program option entitled “Information Technologies for Homeland Security.” Until 2007, Ken served as the liaison for the college to the International Cybersecurity Education Coalition (ICSEC), of which he is one of three founding members. Ken is a member of IEEE, the Distributed Management Task Force (DMTF), and the Association for Information Systems (AIS).
Dan Shoemaker
Dan Shoemaker, PhD, is principal investigator and senior research scientist at the University of Detroit Mercy’s Center for Cyber Security and Intelligence Studies. Dan has served 30 years as a professor at UDM with 25 of those years as department chair. He served as a co-chair for both the Workforce Training and Education and the Software and Supply Chain Assurance Initiatives for the Department of Homeland Security, and was a subject matter expert for the NICE Workforce Framework 2.0. Dan has coauthored six books in the field of cybersecurity and has authored over one hundred journal publications. Dan earned his PhD from the University of Michigan.