Get startedGet started for free

Introduction to risk management frameworks

1. Introduction to risk management frameworks

As a cloud security professional, you'll usually have to work with an organization's risk management tools to identify and manage possible threats. These tools are usually summarized in an organization's risk management program, which is often informed by a framework, standard, or regulation. In this video, you'll learn about some of the common frameworks and their importance for an organization's security. It’s important to call out our discussion in this course should not be considered legal advice. A risk management framework is a set of practices, processes, and technologies that enable an organization to identify, assess, analyze, and manage risk within an organization. Frameworks are a tool for risk management. Their goal is to reduce risks to an acceptable level and improve security posture. Frameworks identify common goals around cloud security, and provide the structure and common language needed to maintain them. Here are some examples of industry standard frameworks. The National Institute of Standards and Technology, better known as NIST; Cybersecurity Framework The International Organization for Standardization, or ISO, 27001; and System and Organization Controls 2, referred to as SOC 2. The NIST Cybersecurity Framework, or CSF, is a voluntary framework that outlines a risk-based approach for governing security, privacy, and cyber supply-chain risk management. The NIST CSF helps organizations to better understand, manage, and reduce their cybersecurity risk and protect their networks and data. The CSF provides an outline of best practices to help an organization decide where to focus their time and money for cybersecurity protection. Another framework you might work with is based on ISO 27001, which is an international certification that focuses on information security management systems. ISO 27001 is a combination of standards included in other frameworks, and its goal is to protect three main aspects of information. Confidentiality: only authorized persons have the right to access information. Integrity: only authorized persons can change the information. And availability: the information must be accessible to authorized persons whenever it is needed. The last risk management framework that's commonly used in cloud security is the SOC 2 framework. The SOC 2 framework was developed by the American Institute of Certified Public Accountants, or AICPA, and leverages the AICPA’s Trust Services Criteria to build trust and confidence for clients about a third-party service provider's system. The Trust Services Criteria are used to evaluate controls relevant to security, availability, and processing integrity of the system that a third-party service organization uses to process client’s data and the confidentiality and privacy of the information the system processes. As a cloud security professional, you'll usually have to work with different security frameworks, so learning about the more common ones and their goals is very important. The more you know, the more you can safeguard a business’s network and data. Now that you're familiar with the most widely used frameworks, you can continue to build your knowledge as you grow your career in cloud security.

2. Let's practice!

Create Your Free Account

or

By continuing, you accept our Terms of Use, our Privacy Policy and that your data is stored in the USA.