According to NIST (2018), implementing a risk management framework can provide guidelines for managing security, and privacy risks and preventing the events mentioned above by:
As shown in Figure 1, there are seven steps in the risk management framework. All these steps are essential for successfully executing the risk management framework.
Figure 1. Risk Management Framework
- Ensuring that managing system-related security and privacy risk are consistent with the company's objectives, the organization, and risk management strategies implemented by the stakeholders.
- Achieving privacy protections for individuals and security protection for the company’s digital infrastructure by implementing risk response strategies.
- Supporting informed authorization decisions and supporting traceability of security and privacy information.
- Facilitating the integration of security and privacy controls into the company’s architecture, SDLC processes, and systems engineering processes.
As shown in Figure 1, there are seven steps in the risk management framework. All these steps are essential for successfully executing the risk management framework.
Figure 1. Risk Management Framework