debate: csf or rmf? which is better for managing it security risk?


Many businesses follow NIST guidance for identifying, managing, remediating, and monitoring Information Systems Risk. Some follow the guidance because of contractual mandates (i.e. they’re under contract to the US Federal Government). Other businesses follow the NIST guidance because it represents “best practices” and is a widely accepted source of guidance.

Write a 3 to 5 paragraph position statement in which you identify and describe 3 to 5 contributions that your chosen framework (CSF or RMF) will make to effective management of enterprise IT risk.

Provide in-text citations and references for 3 or more authoritative sources. Put the reference list at the end of your posting.