{"id":9855,"date":"2017-08-23T10:00:00","date_gmt":"2017-08-23T16:00:00","guid":{"rendered":"https:\/\/swimlane.com\/resource\/information-security-risk-management-framework\/"},"modified":"2023-03-10T09:55:45","modified_gmt":"2023-03-10T16:55:45","slug":"%ec%a0%95%eb%b3%b4-%eb%b3%b4%ec%95%88-%ec%9c%84%ed%97%98-%ea%b4%80%eb%a6%ac-%ed%94%84%eb%a0%88%ec%9e%84%ec%9b%8c%ed%81%ac","status":"publish","type":"sw_resource","link":"https:\/\/swimlane.com\/ko\/blog\/information-security-risk-management-framework\/","title":{"rendered":"\uc815\ubcf4 \ubcf4\uc548 \uc704\ud5d8 \uad00\ub9ac \ud504\ub808\uc784\uc6cc\ud06c \uad6c\ud604"},"content":{"rendered":"\n\n\n<section class=\"bs-section bs-section-f49668dca89a07af4c4bed27713f079b6839f643 bs-section---default bs-section--blog-inner-banner  \"><style>.bs-section.bs-section-f49668dca89a07af4c4bed27713f079b6839f643{ background-color: #000743;} <\/style><div class=\"container\">\n<div class=\"bs-row row  flex-md-row-reverse bs-row---default\">\n<div class=\" bs-column col-sm-12 col-md-12 col-lg-6   bs-column-3c02e72bbbdd27fbc2206a57dc520373f8b450b2 bs-column---default bs-column--right d-flex flex-column justify-content-end    \"><figure class=\"wp-block-post-featured-image\"><img decoding=\"async\" src=\"https:\/\/swimlane.com\/wp-content\/uploads\/08.23.17-Framework-Forward.png\" class=\"attachment-post-thumbnail size-post-thumbnail wp-post-image\" alt=\"Weathered concrete wall with a hand-drawn arrow pointing right, cracked and faded surface texture suggesting direction, transition, and forward movement through a stark minimalist backdrop.\" style=\"object-fit:cover;\" srcset=\"https:\/\/swimlane.com\/wp-content\/uploads\/08.23.17-Framework-Forward.png 1120w, https:\/\/swimlane.com\/wp-content\/uploads\/08.23.17-Framework-Forward-300x186.png 300w, https:\/\/swimlane.com\/wp-content\/uploads\/08.23.17-Framework-Forward-1024x636.png 1024w, https:\/\/swimlane.com\/wp-content\/uploads\/08.23.17-Framework-Forward-768x477.png 768w\" sizes=\"(max-width: 1120px) 100vw, 1120px\" \/><\/figure><\/div>\n\n\n\n<div class=\" bs-column col-sm-12  col-md-12 col-lg-6   bs-column-6a13826d98ae006805bf00373c567a95c3c65a9a bs-column---default d-flex flex-column    \"><div class=\"wp-block-post-date\"><time datetime=\"2017-08-23T10:00:00-06:00\">8\uc6d4 23, 2017<\/time><\/div>\n\n<h1 class=\"wp-block-post-title has-text-color has-white-color\">Realizing an information security risk management framework<\/h1>\n\n\n<div class=\"bs-div bs-div-f106fb945b2c4610a440b9e5b4f63c0c1cbbec02 bs-div---default\"><div class=\"bs-div__inner d-flex flex-wrap align-items-center    \">\n<a class=\"bs-post__author has-text-align-center\" href=\"https:\/\/swimlane.com\/ko\/author\/Katie_Bykowski\/\">\n\t<div class=\"profile-desc\">\n\t\t<figure>\n\t\t\t<img decoding=\"async\" src=\"https:\/\/swimlane.com\/wp-content\/uploads\/author_Katie_Bykowski.jpg\" alt=\"user-avatar\">\n\t\t<\/figure>\n\t\t<span class=\"prefix\"><\/span>\n\t\t<span class=\"name\">\n\t\t\tKatie Bykowski\t\t<\/span>\n\t<\/div>\n<\/a>\n\n\n\n<div class=\"reading-time\">\n    <span class=\"reading-time__time\">4 <\/span> Minute Read\n<\/div><\/div><\/div>\n<\/div>\n<\/div>\n<\/div><\/section>\n\n\n\n\n\n\n\n\n\n<section class=\"bs-section bs-section-050e6505c2b06c7ce9ca858e2f56661a365e6ba8 bs-section---default bs-section--blog-inner-main-contents  \"><div class=\"container\">\n<div class=\"bs-row row justify-content-between  bs-row---default\">\n<div class=\" bs-column col-sm-12 col-md-1   bs-column-b9d738473a055284b615b4f50be5a383dfe4cc38 bs-column---default     \"><div class=\"heateor_sss_sharing_container heateor_sss_horizontal_sharing\" data-heateor-ss-offset=\"0\" data-heateor-sss-href='https:\/\/swimlane.com\/ko\/blog\/information-security-risk-management-framework\/'><div class=\"heateor_sss_sharing_ul\"><a aria-label=\"Email\" class=\"heateor_sss_email\" href=\"https:\/\/swimlane.com\/ko\/blog\/information-security-risk-management-framework\/\" onclick=\"event.preventDefault();window.open('mailto:?subject=' + decodeURIComponent('Realizing%20an%20information%20security%20risk%20management%20framework').replace('&', '%26') + '&body=https%3A%2F%2Fswimlane.com%2Fko%2Fblog%2Finformation-security-risk-management-framework%2F', '_blank')\" title=\"Email\" rel=\"noopener\" style=\"font-size:32px!important;box-shadow:none;display:inline-block;vertical-align:middle\"><span class=\"heateor_sss_svg\" style=\"background-color:#649a3f;width:35px;height:35px;border-radius:999px;display:inline-block;opacity:1;float:left;font-size:32px;box-shadow:none;display:inline-block;font-size:16px;padding:0 4px;vertical-align:middle;background-repeat:repeat;overflow:hidden;padding:0;cursor:pointer;box-sizing:content-box\"><svg style=\"display:block;border-radius:999px;\" focusable=\"false\" aria-hidden=\"true\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"100%\" height=\"100%\" viewBox=\"-.75 -.5 36 36\"><path d=\"M 5.5 11 h 23 v 1 l -11 6 l -11 -6 v -1 m 0 2 l 11 6 l 11 -6 v 11 h -22 v -11\" stroke-width=\"1\" fill=\"#fff\"><\/path><\/svg><\/span><\/a><a aria-label=\"Twitter\" class=\"heateor_sss_button_twitter\" href=\"https:\/\/twitter.com\/intent\/tweet?text=Realizing%20an%20information%20security%20risk%20management%20framework&url=https%3A%2F%2Fswimlane.com%2Fko%2Fblog%2Finformation-security-risk-management-framework%2F\" title=\"Twitter\" rel=\"nofollow noopener\" target=\"_blank\" style=\"font-size:32px!important;box-shadow:none;display:inline-block;vertical-align:middle\"><span class=\"heateor_sss_svg heateor_sss_s__default heateor_sss_s_twitter\" style=\"background-color:#55acee;width:35px;height:35px;border-radius:999px;display:inline-block;opacity:1;float:left;font-size:32px;box-shadow:none;display:inline-block;font-size:16px;padding:0 4px;vertical-align:middle;background-repeat:repeat;overflow:hidden;padding:0;cursor:pointer;box-sizing:content-box\"><svg style=\"display:block;border-radius:999px;\" focusable=\"false\" aria-hidden=\"true\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"100%\" height=\"100%\" viewBox=\"-4 -4 39 39\"><path d=\"M28 8.557a9.913 9.913 0 0 1-2.828.775 4.93 4.93 0 0 0 2.166-2.725 9.738 9.738 0 0 1-3.13 1.194 4.92 4.92 0 0 0-3.593-1.55 4.924 4.924 0 0 0-4.794 6.049c-4.09-.21-7.72-2.17-10.15-5.15a4.942 4.942 0 0 0-.665 2.477c0 1.71.87 3.214 2.19 4.1a4.968 4.968 0 0 1-2.23-.616v.06c0 2.39 1.7 4.38 3.952 4.83-.414.115-.85.174-1.297.174-.318 0-.626-.03-.928-.086a4.935 4.935 0 0 0 4.6 3.42 9.893 9.893 0 0 1-6.114 2.107c-.398 0-.79-.023-1.175-.068a13.953 13.953 0 0 0 7.55 2.213c9.056 0 14.01-7.507 14.01-14.013 0-.213-.005-.426-.015-.637.96-.695 1.795-1.56 2.455-2.55z\" fill=\"#fff\"><\/path><\/svg><\/span><\/a><a aria-label=\"Facebook\" class=\"heateor_sss_facebook\" href=\"https:\/\/www.facebook.com\/sharer\/sharer.php?u=https%3A%2F%2Fswimlane.com%2Fko%2Fblog%2Finformation-security-risk-management-framework%2F\" title=\"Facebook\" rel=\"nofollow noopener\" target=\"_blank\" style=\"font-size:32px!important;box-shadow:none;display:inline-block;vertical-align:middle\"><span class=\"heateor_sss_svg\" style=\"background-color:#0765FE;width:35px;height:35px;border-radius:999px;display:inline-block;opacity:1;float:left;font-size:32px;box-shadow:none;display:inline-block;font-size:16px;padding:0 4px;vertical-align:middle;background-repeat:repeat;overflow:hidden;padding:0;cursor:pointer;box-sizing:content-box\"><svg style=\"display:block;border-radius:999px;\" focusable=\"false\" aria-hidden=\"true\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"100%\" height=\"100%\" viewBox=\"0 0 32 32\"><path fill=\"#fff\" d=\"M28 16c0-6.627-5.373-12-12-12S4 9.373 4 16c0 5.628 3.875 10.35 9.101 11.647v-7.98h-2.474V16H13.1v-1.58c0-4.085 1.849-5.978 5.859-5.978.76 0 2.072.15 2.608.298v3.325c-.283-.03-.775-.045-1.386-.045-1.967 0-2.728.745-2.728 2.683V16h3.92l-.673 3.667h-3.247v8.245C23.395 27.195 28 22.135 28 16Z\"><\/path><\/svg><\/span><\/a><a aria-label=\"Linkedin\" class=\"heateor_sss_button_linkedin\" href=\"https:\/\/www.linkedin.com\/sharing\/share-offsite\/?url=https%3A%2F%2Fswimlane.com%2Fko%2Fblog%2Finformation-security-risk-management-framework%2F\" title=\"Linkedin\" rel=\"nofollow noopener\" target=\"_blank\" style=\"font-size:32px!important;box-shadow:none;display:inline-block;vertical-align:middle\"><span class=\"heateor_sss_svg heateor_sss_s__default heateor_sss_s_linkedin\" style=\"background-color:#0077b5;width:35px;height:35px;border-radius:999px;display:inline-block;opacity:1;float:left;font-size:32px;box-shadow:none;display:inline-block;font-size:16px;padding:0 4px;vertical-align:middle;background-repeat:repeat;overflow:hidden;padding:0;cursor:pointer;box-sizing:content-box\"><svg style=\"display:block;border-radius:999px;\" focusable=\"false\" aria-hidden=\"true\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"100%\" height=\"100%\" viewBox=\"0 0 32 32\"><path d=\"M6.227 12.61h4.19v13.48h-4.19V12.61zm2.095-6.7a2.43 2.43 0 0 1 0 4.86c-1.344 0-2.428-1.09-2.428-2.43s1.084-2.43 2.428-2.43m4.72 6.7h4.02v1.84h.058c.56-1.058 1.927-2.176 3.965-2.176 4.238 0 5.02 2.792 5.02 6.42v7.395h-4.183v-6.56c0-1.564-.03-3.574-2.178-3.574-2.18 0-2.514 1.7-2.514 3.46v6.668h-4.187V12.61z\" fill=\"#fff\"><\/path><\/svg><\/span><\/a><\/div><div class=\"heateorSssClear\"><\/div><\/div>\n<\/div>\n\n\n\n<div class=\" bs-column col-sm-12  col-lg-8 col-md-11   bs-column-5fcbee853797bef68c609dd2715f511e3ead78a3 bs-column---default bs-column--contents     \">\n<h2><\/h2>\n<p>All organizations face information security risk exposure. Every security manager must confront the reality that there are far more risks than can ever be reasonably managed. So, how does the security team determine which risks deserve its attention?<\/p>\n<blockquote>\n<p>Every security manager must confront the reality that there are far more cybersecurity risks than can ever be reasonably managed.<\/p>\n<\/blockquote>\n<p>From there, how much effort should be put into mitigating a given risk? Not all risks command the same level of resources. What countermeasures are suitable? The <a href=\"https:\/\/csrc.nist.gov\/projects\/risk-management\/risk-management-framework-(RMF)-Overview\" target=\"_blank\" rel=\"noreferrer noopener\">Information Security Risk Management Framework<\/a> (ISRMF) provides a method for answering these important questions.<\/p>\n<h3>What is an information security risk management framework?<\/h3>\n<p>While definitions vary, an ISRMF is typically a bundle of processes and practices. The framework enables security managers to pinpoint where they are most vulnerable and, then, how to deal with those vulnerabilities.<\/p>\n<p>The NIST Risk Management Framework is one prominent example. It\u2019s required for Federal agencies that must comply with FISMA and related laws. In particular, compliant agencies must follow NIST SP 800-37, the \u201cGuide for Applying the Risk Management Framework.\u201d<\/p>\n<p>Frameworks like NIST\u2019s are based on the principle that risk can never be eliminated. Rather, it must be managed. That is, a good security manager will put maximum resources into protecting the organization from the most serious risks. The NIST framework offers six steps to get to this outcome:<\/p>\n<ol>\n<li><strong>Categorize Information Systems<\/strong> (NIST SP 800-60) \u2013 Involves categorizing security objectives (e.g. confidentiality, data integrity and defining impact levels as high, low, etc.).<\/li>\n<li><strong>Select Security Controls<\/strong> (NIST SP800-53) &#8211; Specifies implementing a minimum baseline of security controls.<\/li>\n<li><strong>Implement Security Controls<\/strong> \u2013 Includes the preparation of controls, setting up of threat detection and analysis methods and tools, threat containment, eradication and recovery as well as post-incident follow-up processes.<\/li>\n<li><strong>Assess Security Controls<\/strong> (NIST SP 800-53A) \u2013 Requires the assessment of security controls for effectiveness by methods like interviewing stakeholders, as well as the examination and testing of controls.<\/li>\n<li><strong>Authorize Information Systems<\/strong> (NIST SP 800-37) &#8211; Examines the output of the security controls assessment to determine whether or not the level of risk is acceptable.<\/li>\n<li><strong>Monitor Security State<\/strong> (NIST SP 800-137 and SP 800-53A) \u2013 Defines a continuous monitoring strategy, including monitoring frequency, metrics and reporting.<\/li>\n<\/ol>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-1749\" src=\"https:\/\/swimlane.com\/assets\/uploads\/images\/wp\/2017\/08\/information-security-risk-management-framework-flow.jpg\" alt=\"information security risk management framework - flow\" width=\"394\" height=\"394\"><br>The subtext of the entire process delves into the analysis of four interdependent risk factors:<\/p>\n<ul>\n<li>Threats<\/li>\n<li>Vulnerabilities<\/li>\n<li>Likelihoods<\/li>\n<li>Impacts<\/li>\n<\/ul>\n<p>A <strong>threat<\/strong> is a person or technology that has the potential to attack your organization (e.g. malware or a phishing attack). A <strong>vulnerability<\/strong> to the threat occurs when your organization\u2019s defenses against that threat are not adequate (e.g. a deficient firewall). <strong>Likelihood<\/strong> is the probability that the attacker will take advantage of the vulnerability. <strong>Impact<\/strong> is the effect, usually in dollars, of a successful attack.<\/p>\n<p>Put another way: How likely are you to experience a security incident with a <a href=\"https:\/\/swimlane.com\/blog\/cost-delayed-threat-response\/\">high (costly) impact<\/a>? Those with high impact obviously deserve the most attention and biggest resource allocations. In the NIST framework, the selection, implementation and assessment of security controls revolves around this question.<\/p>\n<blockquote>\n<p>The selection, implementation and assessment of security controls can help you determine the likelihood that your organization will become the victim of a high impact incident.<\/p>\n<\/blockquote>\n<h3>How to realize an ISRMF<\/h3>\n<p>There are many details involved to realize an ISRMF. The NIST framework includes multiple Special Publications describing how it should be implemented. Yet, even though there are numerous suggestions and best practices provided, two underlying capabilities make the rest of it possible: Integration and automation.<\/p>\n<h4>Integration<\/h4>\n<p>Integration is essential to ISRMF implementation because many separate systems must work together to realize a framework\u2019s objectives. Firewalls must communicate with the Intrusion Detection System (IDS) and Security Incident and Event Management (SIEM) solutions. Security monitoring tools work best when integrated with threat databases and specialized detection systems. Everything needs to connect with reporting tools, and on and on.<\/p>\n<p>Today\u2019s security solutions tend to use the <a href=\"https:\/\/en.wikipedia.org\/wiki\/OpenAPI_Specification\" target=\"_blank\" rel=\"noreferrer noopener\">Open API Specification<\/a> as their main mode of integration. Open API details machine-readable Application Programming Interface (API) files that are able to describe, produce, consume and visualize RESTful web services. It\u2019s possible to devise a RESTful web service and API from scratch, but the Open API Specification makes it simpler for multiple software applications to be connected.<\/p>\n<p>Security tools using Open API can expose functional interfaces to one another relatively easily. One tool can request data, send data or invoke a procedure call from another tool using the REST standard and open source languages, like JSON, and common transports, like HTTP.<\/p>\n<h4>Automation<\/h4>\n<p><a href=\"https:\/\/swimlane.com\/blog\/automated-incident-response-respond-every-alert\/\">Automation<\/a>, the other capability needed for ISRMF implementation, puts the API-based integrations to work. There are so many moving parts to an ISRMF, automation is extremely useful in making it practical for a security team. Without automation, ISMRF is often overwhelming.<\/p>\n<h3>Security automation and orchestration (SAO) and the ISRMF<\/h3>\n<p><a href=\"https:\/\/swimlane.com\/blog\/security-automation\/\">Security Automation<\/a> and <a href=\"https:\/\/swimlane.com\/security-orchestration-platform\/\">Orchestration<\/a> (SAO) tools bring together the potential of integration and automation for an ISRMF. They leverage these capabilities to help security teams automate time-consuming ISRMF processes. And they allow security analysts to focus their expertise on more subjective, important risk management tasks.<\/p>\n<blockquote>\n<p><a href=\"https:\/\/swimlane.com\/security-automation-and-orchestration\/\">Security automation and orchestration<\/a> (SAO) tools bring together the potential of integration and automation for an ISRMF.<\/p>\n<\/blockquote>\n<p>The SAO\u2019s integration functions, which typically use Open API, provide a way to orchestrate automated security processes across multiple systems. For example, in NIST\u2019s Step 3, SAO can be used to set up automated threat detection and analysis. An SAO solution, like Swimlane, can identify a suspicious binary as it appears on the network. Then, it can automatically check it against known threats without the need for human involvement.<\/p>\n<p>To check, Swimlane uses its Open API integration capability to send the binary to a third-party threat intelligence database. The database compares the suspicious binary to known threats. The Swimlane API then receives a message back from the threat database. At that point, if the threat is genuine, Swimlane\u2019s orchestration engine is able to execute a series of automated steps. These include setting up a ticket, emailing key stakeholders, quarantining the threat, updating the threat database and so forth. In this way, Swimlane puts the ISRMF\u2019s concepts into action while avoiding overloading the security team with busy work.<\/p>\n<p>SAO tools also facilitate the implementation of ISRMF steps including monitoring and post-incident follow up. They create logs of the incident response tasks performed. This is a holistic approach that results in time savings in collecting information about the incident for later use.<\/p>\n<h3>How Swimlane can help<\/h3>\n<p>Swimlane delivers <a href=\"https:\/\/swimlane.com\/security-automation-and-orchestration\/\">security automation and orchestration<\/a> that is easy to implement and use. It is known for manageability and scalability. Swimlane allows a security operations team to leverage the capabilities of their existing security solutions to enrich the information presented. Combined with open API-based integration capabilities, these present a powerful means to realize an ISRMF.<\/p>\n<p>To learn more about Swimlane SAO, <a href=\"https:\/\/swimlane.com\/demo\/\">schedule a demo today<\/a>.<\/p>\n<\/div>\n\n\n\n<div class=\" bs-column col-sm-12  col-md-12 col-lg-3   bs-column-4ffac197d945e44dadadc9d8f52ba4737135ba21 bs-column---default     \">\n<div class=\"bs-div bs-div-ffc71f24880cf5ca65c4a54e87fb14a656cc562d bs-div---default bs-div--tags\"><div class=\"bs-div__inner     \">\n<h2 class=\"wp-block-heading\" id=\"h-tags\">Tags<\/h2>\n\n\n<div class=\"post-tag-wrapper\">\n    <p><\/p><\/div>\n<\/div><\/div>\n\n\n\n<div class=\"bs-div bs-div-69c461f15bb5fa3fc09d1aa73a0e5865005218ff bs-div---default bs-div--related-posts\"><div class=\"bs-div__inner     \">\n<h2 class=\"wp-block-heading\" id=\"h-related-posts\">Related Posts<\/h2>\n\n\n\n<div class=\"bs-related-posts bs-related-posts-block---default\"><div class=\"bs-related-posts__container\"><div class=\"bs-related-posts__items\">\n<div class=\" bs-column col-sm-4   bs-column-4bb8c1b66cb5e72c43988fbaf017046daf38fc18 bs-column---default     \">\t\t\t\t\t<div class=\"bs-post bs-post-69d0e92447696 bs-single-post---default enable\" >\n\t\t\t<a class=\"bs-post__trigger\" href='https:\/\/swimlane.com\/ko\/blog\/managing-security-as-a-business-risk-part-2\/' target='_self'>\t\t\t<div class=\"bs-post__inner\">\n\t\t\t\t<div class=\"bs-post__details\">    <div class=\"bs-post__date\">\n        <span>4\uc6d4 26, 2015<\/span>\n    <\/div>\n    <div class=\"bs-post__title\">\n        <h5>Why managing information security as a business risk is critical, part 2: Reputational harm<\/h5>\n    <\/div>\n<div class=\"bs-post__learn-more\">\n    <span class='btn learn-more-text bs-post__learn-more-text'>Read More<\/span><\/div>\n<\/div>\t\t\t<\/div>\n\t\t\t<\/a>\t\t<\/div>\n\t<\/div>\n\n\n\n<div class=\" bs-column col-sm-4   bs-column-4bb8c1b66cb5e72c43988fbaf017046daf38fc18 bs-column---default     \">\t\t\t\t\t<div class=\"bs-post bs-post-69d0e92448c7a bs-single-post---default enable\" >\n\t\t\t<a class=\"bs-post__trigger\" href='https:\/\/swimlane.com\/ko\/blog\/managing-security-as-a-business-risk\/' target='_self'>\t\t\t<div class=\"bs-post__inner\">\n\t\t\t\t<div class=\"bs-post__details\">    <div class=\"bs-post__date\">\n        <span>4\uc6d4 9, 2015<\/span>\n    <\/div>\n    <div class=\"bs-post__title\">\n        <h5>Why managing information security as a business risk is critical, part 1: Financial impact<\/h5>\n    <\/div>\n<div class=\"bs-post__learn-more\">\n    <span class='btn learn-more-text bs-post__learn-more-text'>Read More<\/span><\/div>\n<\/div>\t\t\t<\/div>\n\t\t\t<\/a>\t\t<\/div>\n\t<\/div>\n\n\n\n<div class=\" bs-column col-sm-4   bs-column-4bb8c1b66cb5e72c43988fbaf017046daf38fc18 bs-column---default     \">\t\t\t\t\t<div class=\"bs-post bs-post-69d0e92449cef bs-single-post---default enable\" >\n\t\t\t<a class=\"bs-post__trigger\" href='https:\/\/swimlane.com\/ko\/blog\/managing-security-as-a-business-risk-part-3\/' target='_self'>\t\t\t<div class=\"bs-post__inner\">\n\t\t\t\t<div class=\"bs-post__details\">    <div class=\"bs-post__date\">\n        <span>5\uc6d4 12, 2015<\/span>\n    <\/div>\n    <div class=\"bs-post__title\">\n        <h5>Why managing information security as a business risk is critical, part 3: Intellectual property<\/h5>\n    <\/div>\n<div class=\"bs-post__learn-more\">\n    <span class='btn learn-more-text bs-post__learn-more-text'>Read More<\/span><\/div>\n<\/div>\t\t\t<\/div>\n\t\t\t<\/a>\t\t<\/div>\n\t<\/div>\n<\/div><\/div><\/div>\n<\/div><\/div>\n\n\n<\/div>\n<\/div>\n<\/div><\/section>\n\n\n\n<section class=\"bs-section bs-section-2a4a600ae9ab197b6a4ccafe05152bf1a2fde1d1 bs-section---default bs-section--newsletter bs-section--common-marketo-form bs-section--common-marketo-form-two-columns  \"><style>.bs-section.bs-section-2a4a600ae9ab197b6a4ccafe05152bf1a2fde1d1{ background-color: #000743;} <\/style><div class=\"container-fluid\">\n<div class=\"bs-row row   bs-row---default\">\n<div class=\" bs-column col-sm-0 col-md-0 col-lg-6   bs-column-df5e10bef85c15055718b4d93887855962017939 bs-column---default     \">\n<h2 class=\"wp-block-heading has-white-color has-text-color\" id=\"requestor\">Request a Live Demo<\/h2>\n<\/div>\n\n\n\n<div class=\" bs-column col-sm-0 col-md-0 col-lg-6   bs-column-df5e10bef85c15055718b4d93887855962017939 bs-column---default     \"><div class='media-elements bs-media-element---default enable'>    <div class='bs-common-image'>\n                            <figure class='figure justify-content-start d-flex'>\n                            <picture>\n                            \n                            <img src='https:\/\/swimlane.com\/wp-content\/uploads\/liitp.svg' class='img-fluid'   alt='' title=''  \/>\n                            <\/picture>\n                                \n                            <\/figure>\n                        <\/div><\/div>\n\n<script src=\"\/\/pages.swimlane.com\/js\/forms2\/js\/forms2.min.js\"><\/script>\n<form id=\"mktoForm_1017\"><\/form>\n<script>\n    var embeddedFormId = '05a6905d0187a23e165b2fd995e965fe15cb94f6';\n    var marketoBaseUrl = '\/\/pages.swimlane.com';\n    var munchkinId = '978-QCM-390';\n    var formId = '1017';\n    var responseType = 'redirect';\n    var responseMessage = 'Thank you!';\n    var redirectURL = '';\n    var downloadFileURL = '';\n    var linkOpenType = '_self';\n    var popupVideo = 'url';\n    var popupVideoURL = '';\n    var popupVideoUploadURL = '';\n    MktoForms2.loadForm(marketoBaseUrl, munchkinId, formId, function(form) {\n        form.onSuccess(function(values, followUpUrl) {\n            document.getElementById(\"int_mktoForm_\" + formId).innerHTML = responseMessage;\n                    });\n    });\n<\/script>\n<div class=\"form-submit-note\" id=\"int_mktoForm_1017\"><\/div>\n<!-- Incluing form response options -->\n\n\n\n<script>\n    (function() {\n        \/\/ Please include the email domains you would like to block in this list\n        var invalidDomains = [\"@gmail.\", \"@yahoo.\", \"@hotmail.\", \"@live.\", \"@icloud.\",\"@aol.\", \"@outlook.\", \"@proton.\", \"@mailinator.\"];\n\n\n        MktoForms2.whenReady(function(form) {\n            form.onValidate(function() {\n                var email = form.vals().Email;\n                if (email) {\n                    if (!isEmailGood(email)) {\n                        form.submitable(false);\n                        var emailElem = form.getFormElem().find(\"#Email\");\n                        form.showErrorMessage(\"Must be Business email.\", emailElem);\n                    } else {\n                        form.submitable(true);\n                    }\n                }\n            });\n        });\n\n        function isEmailGood(email) {\n            for (var i = 0; i < invalidDomains.length; i++) {\n                var domain = invalidDomains[i];\n                if (email.indexOf(domain) != -1) {\n                    return false;\n                }\n            }\n            return true;\n        }\n\n\n    })(); \n<\/script>\n<\/div>\n<\/div>\n<\/div><\/section>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":5,"featured_media":9856,"template":"","meta":{"_acf_changed":false,"show_custom_date":false,"custom_date":"","featured":false,"featured_image":0,"learn_more_label":"","image_alt_text":"","learn_more_type":"","learn_more_link":[],"show_popup":false,"disable_iframe":false,"enable_lazy_loading":false,"learn_more_link_file":0,"event_date":false,"event_start_date":"","event_end_date":"","featured_page_list":[],"_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"","_relevanssi_noindex_reason":"","inline_featured_image":false,"footnotes":""},"tags":[],"resource-type":[67],"resource-topic":[],"resource-industry":[],"blog-category":[],"class_list":["post-9855","sw_resource","type-sw_resource","status-publish","has-post-thumbnail","hentry","resource-type-blogs"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v22.5 (Yoast SEO v27.1.1) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Realizing an information security risk management<\/title>\n<meta name=\"description\" content=\"An information security risk management framework is essential for identifying and prioritizing risks. Realizing the framework automatically.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/swimlane.com\/ko\/\ube14\ub85c\uadf8\/\uc815\ubcf4-\ubcf4\uc548-\uc704\ud5d8-\uad00\ub9ac-\ud504\ub808\uc784\uc6cc\ud06c\/\" \/>\n<meta property=\"og:locale\" content=\"ko_KR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Realizing an information security risk management framework\" \/>\n<meta property=\"og:description\" content=\"An information security risk management framework is essential for identifying and prioritizing risks. Realizing the framework automatically.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/swimlane.com\/ko\/\ube14\ub85c\uadf8\/\uc815\ubcf4-\ubcf4\uc548-\uc704\ud5d8-\uad00\ub9ac-\ud504\ub808\uc784\uc6cc\ud06c\/\" \/>\n<meta property=\"og:site_name\" content=\"AI Security Automation\" \/>\n<meta property=\"article:modified_time\" content=\"2023-03-10T16:55:45+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/swimlane.com\/wp-content\/uploads\/08.23.17-Framework-Forward.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1120\" \/>\n\t<meta property=\"og:image:height\" content=\"696\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@swimlane\" \/>\n<meta name=\"twitter:label1\" content=\"\uc608\uc0c1 \ub418\ub294 \ud310\ub3c5 \uc2dc\uac04\" \/>\n\t<meta name=\"twitter:data1\" content=\"6\ubd84\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/swimlane.com\/ko\/blog\/information-security-risk-management-framework\/\",\"url\":\"https:\/\/swimlane.com\/ko\/blog\/information-security-risk-management-framework\/\",\"name\":\"Realizing an information security risk management\",\"isPartOf\":{\"@id\":\"https:\/\/swimlane.com\/ko\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/swimlane.com\/ko\/blog\/information-security-risk-management-framework\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/swimlane.com\/ko\/blog\/information-security-risk-management-framework\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/swimlane.com\/wp-content\/uploads\/08.23.17-Framework-Forward.png\",\"datePublished\":\"2017-08-23T16:00:00+00:00\",\"dateModified\":\"2023-03-10T16:55:45+00:00\",\"description\":\"An information security risk management framework is essential for identifying and prioritizing risks. Realizing the framework automatically.\",\"breadcrumb\":{\"@id\":\"https:\/\/swimlane.com\/ko\/blog\/information-security-risk-management-framework\/#breadcrumb\"},\"inLanguage\":\"ko-KR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/swimlane.com\/ko\/blog\/information-security-risk-management-framework\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"ko-KR\",\"@id\":\"https:\/\/swimlane.com\/ko\/blog\/information-security-risk-management-framework\/#primaryimage\",\"url\":\"https:\/\/swimlane.com\/wp-content\/uploads\/08.23.17-Framework-Forward.png\",\"contentUrl\":\"https:\/\/swimlane.com\/wp-content\/uploads\/08.23.17-Framework-Forward.png\",\"width\":1120,\"height\":696,\"caption\":\"Weathered concrete wall with a hand-drawn arrow pointing right, cracked and faded surface texture suggesting direction, transition, and forward movement through a stark minimalist backdrop.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/swimlane.com\/ko\/blog\/information-security-risk-management-framework\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/swimlane.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Realizing an information security risk management framework\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/swimlane.com\/ko\/#website\",\"url\":\"https:\/\/swimlane.com\/ko\/\",\"name\":\"Low-Code Security Automation & SOAR Platform | Swimlane\",\"description\":\"Agentic AI automation for every security function\",\"publisher\":{\"@id\":\"https:\/\/swimlane.com\/ko\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/swimlane.com\/ko\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"ko-KR\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/swimlane.com\/ko\/#organization\",\"name\":\"Low-Code Security Automation & SOAR Platform | Swimlane\",\"url\":\"https:\/\/swimlane.com\/ko\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"ko-KR\",\"@id\":\"https:\/\/swimlane.com\/ko\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/swimlane.com\/wp-content\/uploads\/sw-inline-logo-color-white.svg\",\"contentUrl\":\"https:\/\/swimlane.com\/wp-content\/uploads\/sw-inline-logo-color-white.svg\",\"width\":912,\"height\":190,\"caption\":\"Low-Code Security Automation & SOAR Platform | Swimlane\"},\"image\":{\"@id\":\"https:\/\/swimlane.com\/ko\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/swimlane\",\"https:\/\/www.linkedin.com\/company\/swimlane\/\"]}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"\uc815\ubcf4 \ubcf4\uc548 \uc704\ud5d8 \uad00\ub9ac \uc2e4\ud604","description":"\uc815\ubcf4 \ubcf4\uc548 \uc704\ud5d8 \uad00\ub9ac \ud504\ub808\uc784\uc6cc\ud06c\ub294 \uc704\ud5d8\uc744 \uc2dd\ubcc4\ud558\uace0 \uc6b0\uc120\uc21c\uc704\ub97c \uc815\ud558\ub294 \ub370 \ud544\uc218\uc801\uc785\ub2c8\ub2e4. \ud504\ub808\uc784\uc6cc\ud06c\ub97c \uc790\ub3d9\uc73c\ub85c \uad6c\ud604\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/swimlane.com\/ko\/\ube14\ub85c\uadf8\/\uc815\ubcf4-\ubcf4\uc548-\uc704\ud5d8-\uad00\ub9ac-\ud504\ub808\uc784\uc6cc\ud06c\/","og_locale":"ko_KR","og_type":"article","og_title":"Realizing an information security risk management framework","og_description":"An information security risk management framework is essential for identifying and prioritizing risks. Realizing the framework automatically.","og_url":"https:\/\/swimlane.com\/ko\/\ube14\ub85c\uadf8\/\uc815\ubcf4-\ubcf4\uc548-\uc704\ud5d8-\uad00\ub9ac-\ud504\ub808\uc784\uc6cc\ud06c\/","og_site_name":"AI Security Automation","article_modified_time":"2023-03-10T16:55:45+00:00","og_image":[{"width":1120,"height":696,"url":"https:\/\/swimlane.com\/wp-content\/uploads\/08.23.17-Framework-Forward.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_site":"@swimlane","twitter_misc":{"\uc608\uc0c1 \ub418\ub294 \ud310\ub3c5 \uc2dc\uac04":"6\ubd84"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/swimlane.com\/ko\/blog\/information-security-risk-management-framework\/","url":"https:\/\/swimlane.com\/ko\/blog\/information-security-risk-management-framework\/","name":"\uc815\ubcf4 \ubcf4\uc548 \uc704\ud5d8 \uad00\ub9ac \uc2e4\ud604","isPartOf":{"@id":"https:\/\/swimlane.com\/ko\/#website"},"primaryImageOfPage":{"@id":"https:\/\/swimlane.com\/ko\/blog\/information-security-risk-management-framework\/#primaryimage"},"image":{"@id":"https:\/\/swimlane.com\/ko\/blog\/information-security-risk-management-framework\/#primaryimage"},"thumbnailUrl":"https:\/\/swimlane.com\/wp-content\/uploads\/08.23.17-Framework-Forward.png","datePublished":"2017-08-23T16:00:00+00:00","dateModified":"2023-03-10T16:55:45+00:00","description":"\uc815\ubcf4 \ubcf4\uc548 \uc704\ud5d8 \uad00\ub9ac \ud504\ub808\uc784\uc6cc\ud06c\ub294 \uc704\ud5d8\uc744 \uc2dd\ubcc4\ud558\uace0 \uc6b0\uc120\uc21c\uc704\ub97c \uc815\ud558\ub294 \ub370 \ud544\uc218\uc801\uc785\ub2c8\ub2e4. \ud504\ub808\uc784\uc6cc\ud06c\ub97c \uc790\ub3d9\uc73c\ub85c \uad6c\ud604\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.","breadcrumb":{"@id":"https:\/\/swimlane.com\/ko\/blog\/information-security-risk-management-framework\/#breadcrumb"},"inLanguage":"ko-KR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/swimlane.com\/ko\/blog\/information-security-risk-management-framework\/"]}]},{"@type":"ImageObject","inLanguage":"ko-KR","@id":"https:\/\/swimlane.com\/ko\/blog\/information-security-risk-management-framework\/#primaryimage","url":"https:\/\/swimlane.com\/wp-content\/uploads\/08.23.17-Framework-Forward.png","contentUrl":"https:\/\/swimlane.com\/wp-content\/uploads\/08.23.17-Framework-Forward.png","width":1120,"height":696,"caption":"Weathered concrete wall with a hand-drawn arrow pointing right, cracked and faded surface texture suggesting direction, transition, and forward movement through a stark minimalist backdrop."},{"@type":"BreadcrumbList","@id":"https:\/\/swimlane.com\/ko\/blog\/information-security-risk-management-framework\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/swimlane.com\/"},{"@type":"ListItem","position":2,"name":"Realizing an information security risk management framework"}]},{"@type":"WebSite","@id":"https:\/\/swimlane.com\/ko\/#website","url":"https:\/\/swimlane.com\/ko\/","name":"\ub85c\uc6b0\ucf54\ub4dc \ubcf4\uc548 \uc790\ub3d9\ud654 \ubc0f SOAR \ud50c\ub7ab\ud3fc | \uc2a4\uc714\ub808\uc778","description":"\ubaa8\ub4e0 \ubcf4\uc548 \uae30\ub2a5\uc744 \uc704\ud55c \uc5d0\uc774\uc804\ud2b8 \uae30\ubc18 AI \uc790\ub3d9\ud654","publisher":{"@id":"https:\/\/swimlane.com\/ko\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/swimlane.com\/ko\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"ko-KR"},{"@type":"Organization","@id":"https:\/\/swimlane.com\/ko\/#organization","name":"\ub85c\uc6b0\ucf54\ub4dc \ubcf4\uc548 \uc790\ub3d9\ud654 \ubc0f SOAR \ud50c\ub7ab\ud3fc | \uc2a4\uc714\ub808\uc778","url":"https:\/\/swimlane.com\/ko\/","logo":{"@type":"ImageObject","inLanguage":"ko-KR","@id":"https:\/\/swimlane.com\/ko\/#\/schema\/logo\/image\/","url":"https:\/\/swimlane.com\/wp-content\/uploads\/sw-inline-logo-color-white.svg","contentUrl":"https:\/\/swimlane.com\/wp-content\/uploads\/sw-inline-logo-color-white.svg","width":912,"height":190,"caption":"Low-Code Security Automation & SOAR Platform | Swimlane"},"image":{"@id":"https:\/\/swimlane.com\/ko\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/swimlane","https:\/\/www.linkedin.com\/company\/swimlane\/"]}]}},"publishpress_future_workflow_manual_trigger":{"enabledWorkflows":[]},"_links":{"self":[{"href":"https:\/\/swimlane.com\/ko\/wp-json\/wp\/v2\/sw_resource\/9855","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/swimlane.com\/ko\/wp-json\/wp\/v2\/sw_resource"}],"about":[{"href":"https:\/\/swimlane.com\/ko\/wp-json\/wp\/v2\/types\/sw_resource"}],"author":[{"embeddable":true,"href":"https:\/\/swimlane.com\/ko\/wp-json\/wp\/v2\/users\/5"}],"version-history":[{"count":0,"href":"https:\/\/swimlane.com\/ko\/wp-json\/wp\/v2\/sw_resource\/9855\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/swimlane.com\/ko\/wp-json\/wp\/v2\/media\/9856"}],"wp:attachment":[{"href":"https:\/\/swimlane.com\/ko\/wp-json\/wp\/v2\/media?parent=9855"}],"wp:term":[{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/swimlane.com\/ko\/wp-json\/wp\/v2\/tags?post=9855"},{"taxonomy":"resource-type","embeddable":true,"href":"https:\/\/swimlane.com\/ko\/wp-json\/wp\/v2\/resource-type?post=9855"},{"taxonomy":"resource-topic","embeddable":true,"href":"https:\/\/swimlane.com\/ko\/wp-json\/wp\/v2\/resource-topic?post=9855"},{"taxonomy":"resource-industry","embeddable":true,"href":"https:\/\/swimlane.com\/ko\/wp-json\/wp\/v2\/resource-industry?post=9855"},{"taxonomy":"blog-category","embeddable":true,"href":"https:\/\/swimlane.com\/ko\/wp-json\/wp\/v2\/blog-category?post=9855"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}