Although the risk management framework’s focus is largely on the importance of protecting information and security programs, it will also help the organization in other more implicit ways. If implemented properly and continuously monitored, it will save an organization significant time, money, and effort in the long run. Being able to focus on organizational goals while having a concrete way to continuously manage risk is what RMF is all about, it makes risk management feasible.
RMF creates confidence in the privacy of personally identifiable information, and for organizations handling large amounts of this information, an extremely expensive lawsuit is always a possibility. Without proper risk management, the loss of private information can result in large lawsuits.
RMF is a slow process and will require systems to stop operating for periods of time, but when authorization is achieved, and an effective continuous monitoring program has been put in place, the organization will be able to stand on a firm foundation while striving to meet organizational goals.
