This week, we're tackling two related questions about Risk Management Frameworks (RMFs).

“I keep hearing people refer to different security frameworks as ‘RMFs’. What is an RMF and how is it different from a security framework?”

“Can you give some real-world examples of how RMF principles (such as user audits and access control) can scale down for a small business without feeling overwhelming? They seem so bureaucratic and time consuming and, honestly, time is precious!”

Want to get your own compliance or security questions answered? Ask them at https://blacksmithinfosec.com/ask

This week, Mike and Jared tackle 2 listener questions.

First, a question from an anonymous user: I’ve heard a lot about a “CIA triad”. What is that, and how does it apply to compliance? Is this some sort of spy thing?Second, a question from a California-based MSP: A lot of my clients are doctors, dentists, and restaurants. Many of them operate on razor thin margins and tell me they can’t afford to be compliant. What should I tell them?Want to get your own questions answered? Head to https://blacksmithinfosec.com/ask