Risk Management

Netwerk Guardian has adopted the NIST Risk Management Framework as its foundation for institutional information security risk management. The risk management process includes the following steps:
1. Categorize the system and the information processed, stored, and transmitted by the system based on an analysis of the impact of loss
2. Select an initial set of controls for the system and tailor the controls as needed to reduce risk to an acceptable level based on an assessment of risk
3. Implement the controls and describe how the controls are employed within the system and its environment of operation
4. Assess the controls to determine if the controls are implemented correctly, operating as intended, and producing the desired outcomes with respect to satisfying the security and privacy requirements
5. Authorize the system or common controls based on a determination that the risk to organizational operations and assets, individuals and other organizations is acceptable.
6. Monitor the system and the associated controls on an ongoing basis to include assessing control effectiveness, documenting changes to the system and environment of operation, conducting risk assessments and impact analyses, and reporting the security and privacy posture of the system.
In addition, Netwerk Guardian will partner with the information system owners (unit leadership/business owner/service owner) and information data owners to determine the areas of responsibility for the systems and applications under their control, as well as to perform risk assessments to identify risks and work to address or mitigate such risks to an acceptable level.