Resolve security control issues on a PaaS with this risk management framework
November 20, 2014. Grazed from TechRepublic. Author: Judith Myerson.
Risk management provides a framework to help you select security controls to protect an information system anywhere in the development life cycle on a Platform as a Service (PaaS) — it doesn’t matter whether it’s an engineering, procurement, or personnel system.
The security controls are implemented after the risks are identified, assessed, and reduced to a low level. The implementation criteria include cost effectiveness, technological efficiency, and regulatory compliance. You must document the criteria in a security plan…
The National Institute of Standards and Technology’s (NIST) Risk Management Framework (RMF) breaks the application of security controls to a US federal information system into six steps. In a simplified scenario, each step is described from the perspectives of a Senior Information Security System Officer (ISSO) managing a team of Information System Owners (ISOs) (also the System ISSOs), and a Security Control Assessor (SCA). The team also includes an authorizing official who is a departmental or organizational head…
Read more from the source @ http://www.techrepublic.com/article/resolve-security-control-issues-on-a-paas-with-this-risk-management-framework/


