
"NIST and Risk Governance and Risk Management" Please respond to the following


Question

"NIST and Risk Governance and Risk Management" Please respond to the following:

NIST provides many procedures and much guidance on IT and information security-related topics.

Assess if NIST is too large and attempts to cover too many topics. Decide if NIST should separate into different entities for different major areas, such as IT governance, risk management, information security, and others.

Assess if the various NIST documents covering risk management topics and concepts are too spread out and should be more consolidated to provide better guidance to organizations when they are establishing risk management programs.

Explanation / Answer

Answer:-

1) The NIST website has a chart which displays the different areas of liability. The Office of Information Systems Management (OPM) is one of six zones of the Associate Director for Management. The organizational chart for the OISM has a decent partition of responsibilities. From my personal knowledge, splitting major areas is helpful and beneficial. A team works in the audit and compliance section, and others evaluate sector and information security help put things into perspective. If the various NIST documents defending risk management concepts and topics are too spread out and be fused to provide better guidance to companies when establishing risk management programs. Moreover, to the NIST sustenance documentation listed, there are two other notifications that apply to risk management