Amazed by this news. SpaceX is more rapidly around us.
SpaceX Falcon 9 successfully launches Koreasat 5A
SpaceX has launched the Koreasat-5A communications satellite for South Korea’s KT SAT on Monday, with a Falcon 9 lifting off from the Kennedy Space Center to carry the satellite into geosynchronous transfer orbit. Launch occurred on time at 15:34 local time (19:34 UTC), at the opening of a two-hour, 24-minute window. Landing of the first stage was also successful, albeit resulting in a “toasty” engine section.
Risk Management Framework (RMF) Overview
The selection and specification of security controls for a system is accomplished as part of an organization-wide information security program that involves the management of organizational risk—that is, the risk to the organization or to individuals associated with the operation of a system. The management of organizational risk is a key element in the organization’s information security program and provides an effective framework for selecting the appropriate security controls for a system—the security controls necessary to protect individuals and the operations and assets of the organization.
The Risk Management Framework provides a process that integrates security and risk management activities into the system development life cycle. The risk-based approach to security control selection and specification considers effectiveness, efficiency, and constraints due to applicable laws, directives, Executive Orders, policies, standards, or regulations. The following activities related to managing organizational risk are paramount to an effective information security program and can be applied to both new and legacy systems within the context of the system development life cycle and the Federal Enterprise Architecture:
Step 1: Categorize
Step 2: Select
Select an initial set of baseline security controls for the system based on the security categorization; tailoring and supplementing the security control baseline as needed based on organization assessment of risk and local conditions [2].
Step 3: Implement
See appropriate NIST publication in the publications section.
Step 4: Assess
Assess the security controls using appropriate procedures to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.
Step 5: Authorize
Authorize system operation based upon a determination of the risk to organizational operations and assets, individuals, other organizations and the Nation resulting from the operation of the system and the decision that this risk is acceptable [4].
Step 6: Monitor
Monitor and assess selected security controls in the system on an ongoing basis including assessing security control effectiveness, documenting changes to the system or environment of operation, conducting security impact analyses of the associated changes, and reporting the security state of the system to appropriate organizational officials [5].
1. The RMF categorization step, including consideration of legislation, policies, directives, regulations, standards, and organizational mission/business/operational requirements, facilitates the identification of security requirements. FIPS 199 provides security categorization guidance for non-national security systems. CNSS Instruction 1253 provides similar guidance for national security systems.
2. NIST Special Publication 800-53 Revision 4 provides security control selection guidance for non-national security systems. CNSS Instruction 1253 provides similar guidance for national security systems.
5. NIST Special Publication 800-37 Revision 1 provides guidance on monitoring the security controls in the environment of operation, the ongoing risk determination and acceptance, and the approved system authorization to operate status.