RISK

Cyber-Recon provides cybersecurity risk management services to both the private and public sectors. In the public sector, Cyber-Recon has served the FBI, DOT, DoD and intelligence agencies. In the private sector, Cyber-Recon has supported the cybersecurity risk management functions in the financial services sector. The Cyber-Recon team specializes in helping its clients adopt and implement the NIST Risk Management Framework in managing system- and enterprise-level risks. Cyber-Recon also partners with Mission Critical Institute to help cybersecurity risk management students acquire practical experience in applying the NIST Risk Management Framework methodology.


Correctly implementing the Risk Management Framework (RMF) in your organization, with the associated security controls and inheritance models, can not only speed your system development timeline but also reduce overall security and compliance costs while improving the organization’s overall security posture.

Unlike older methods that evaluated a system's security and risk in isolation, the RMF looks at the security and risk impact of introducing a new information system to the entire organization.

Contact the security professionals at Cyber-Recon, LLC to learn more about implementing the RMF in your environment.

Categorize

Categorize, Describe, and Register the Information System

Select Security Controls

Identify and Select Required Security Controls. Develop Continuous Monitoring Strategy and Approve SSP

Implement Security Controls

Implement and Document Required Security Controls

Assess Security Controls

Develop Assessment Plan and Assess Required Security Controls. Report on Findings

Authorize the Information System

Prepare POA&M, Assemble Authorization Package, Determine Risk.

Monitor Security Controls

Monitor Security Controls for Continued Effectiveness

View the latest videos from the Cyber-Recon Learning Series.

RMF Lab

The RMF Lab is a comprehensive environment that allows students to learn the ins and outs of the Risk Management Framework (RMF) in a simulated organizational environment. The lab introduces students to each task in the six steps of the Risk Management Framework.

Security Control Classes

This short video describes the changes to how control classes relate to the control families in NIST SP 800-53 Revision 4. It provides a bit of contrast between Revisions 3 and 4 and the options you, as a security professional, have when using classes.

Introduction to the POA&M

In this short video, the plan of action and milestones (POA&M) document is introduced and the requirements established by the Office of Management and Budget (OMB) are explained. The POA&M is part of the required documents used to authorize a system or common control set under FISMA and FedRAMP, and is a critical part of the RMF.