CYB 207 Wk 3 Discussion

Post a total of 3 substantive responses over 2 separate days for full participation. This includes your initial post and 2 replies to classmates or your faculty member.

Option 1

Due Thursday

The NIST SP 800-37 defines two important roles within the RMF process, especially during the authorization steps: (1) information system owner and (2) information owner. During Step 1 of the NIST RMF process, the two roles work together to classify information and categorize the IT systems. The two roles also have a significant stake in the authorization of an IT system in order to conduct operations. In some cases, they may have differing objectives.

Research each role (information system owner and information owner) and describe how the authorization process must consider the perspectives of each role.

Provide an example where the roles may conflict.

Explain a situation where the authorizing official may need to resolve a decision based on the risks presented in the risk assessment report.

Due Monday

Post 2 replies to classmates or your faculty member. Be constructive and professional.

Option 2

Due Thursday

Appendices D and E of the NIST SP 800-37 describe the roles and responsibilities involved in the RMF process.

Describe two of the roles, beyond the Information System Owner and Information Owner, which have a direct stake in the authorization process.

Explain how they would collaborate together during Step 5 of the NIST RMF process. Include their specific RMF tasks during Step 5, and explain any conflicts that may arise between the two roles.

Due Monday

Post 2 replies to classmates or your faculty member. Be constructive and professional.