There are a number of approaches to managing risk. Managing risk is a complex process and requires the input from the whole organization. There are three tiers associated with the respective portions of the organization:
The risk management process begins early in the System Development Life Cycle (SDLC). A majority of the work of the RMF is done at Tier 3.
Download Solution Brief
There are three type so security controls that can be used within an organization: