Risk Management (RSK)

From CyberEdWiki
Jump to: navigation, search

Risk Management oversees, evaluates, and supports the documentation, validation, assessment, and authorization processes necessary to assure that existing and new information technology (IT) systems meet the organization's cybersecurity and risk requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. [NIST SP 800-181]

The Risk Management NICE Framework Specialty Area contains the following Work Roles: