Leadership
"It is imperative that leaders and managers at all levels understand their responsibilities and are held accountable for managing information security risk."
Source: SP Managing Information Security Risk (March 2011)

FITSP-M Exam Module Objectives
 Security Assessments and Authorization
–Administer and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational information systems
–Manage mechanisms that authorize the operation of organizational information systems and any associated information system connections

Authorization Overview
 Section A: Authorization Tasks
–Authorization Package
–Authorization Decisions
–Authorization Decision Document
 Section B: Authorization Elements
–Ongoing Authorization
–Type Authorization
–Authorization Approaches

Section A: AUTHORIZATION TASKS

RMF Step 4 - Authorization
 Describe Plan of Action and Milestones
 Understand the Elements of the Security Authorization Package
 Understand Risk Determination
 Understand Risk Acceptability
 Distinguish between the Security Authorization Decisions

RMF Step 5 – Authorize Information System
 Plan of Action and Milestones
 Security Authorization Package
 Risk Determination
 Risk Acceptance

Authorization Package

Authorization Decisions
 Authorization to Operate
 Denial of Authorization to Operate
 Interim Authorization to Test
 Interim Authorization to Operate

Authorization Decision Document
 Authorization decision
 Terms and conditions for the authorization
 Authorization termination date
 Risk executive (function) input (if provided)

Knowledge Check
 What is the first step in the Authorization RMF step?
 What documents the results of the security control assessment and provides the authorizing official with essential information needed to make a risk-based decision on whether to authorize operation of an information system or a designated set of common controls?
 What are the contents of the Authorization Package, from System Owner to Authorizing Official?
 The authorization decision document contains what information?

Section B: AUTHORIZATION ELEMENTS

Ongoing Authorization
 Maintains knowledge of current security state
 Re-execute RMF step(s)
 Maximize use of status reports
 Reauthorization
–Time-driven
–Event-driven

Type Authorization
Official authorization decision to employ identical copies of an information system or subsystem (including hardware, software, firmware, and/or applications) in specified environments of operation.

Authorization Approaches
 Single Authorizing Official
 Multiple Authorizing Officials
 Leveraging an Existing Authorization

Authorization Key Concepts & Vocabulary
 Authorization Package
 Authorization Decisions
 Authorization Decision Document
 Ongoing Authorization
 Type Authorization
 Authorization Approaches

Questions?
Next Module: Continuous Monitoring