Security Is Everyone’s Business: Role-Based Training for the System Development Life Cycle
Federal Information System Security Educators Association, 18th Annual Conference, March 22, 2005
Prepared by: Margaret Spanninger, Booz Allen Hamilton (703)

Good Afternoon! My name is Marge Spanninger and I lead the Information Assurance Training Team at Booz-Allen and Hamilton. This afternoon I’d like to talk to you about “Developing Security Competencies Through Information Assurance Undergraduate and Graduate Programs”.

Security is Everyone’s Business: Role-Based Training for the SDLC

Today’s Presentation
- Introduction
- Federal Information Security Management Act (FISMA) Requirements and Business Drivers
- System Development Life Cycle (SDLC)
- Personnel with Significant Security Responsibility
- Role-Based Training and Assurance
- Implementing National Institute of Standards and Technology (NIST) Special Publication (SP)
Introduction
- This presentation is based on the premise that integrating security into organizational business processes, especially the system development life cycle (SDLC), is a fundamental requirement for FISMA compliance and for achieving security performance goals.
- Security integration into the SDLC is one of the key elements required for resolving many of the long-standing weaknesses in information technology (IT) security and for achieving sustainable performance improvements in IT security programs.
- Personnel at all levels must understand that “security is not an option” but an integral element of all IT systems.
FISMA Requirements and SDLC
FISMA states under §3544, Federal agency responsibilities, (b) Agency Program: “Each agency shall develop, document, and implement an agency-wide information security program that includes…(2) policies and procedures that…(C) ensure that information security is addressed throughout the life cycle of each agency information system.”
Business Drivers
- Security is less expensive to implement if it is planned from the beginning.
- Building security controls into the system, rather than adding them after the system is already built, improves system performance.
- Security becomes an enabling factor rather than a barrier to success by reducing the need for expensive reengineering and reprogramming.
- It ensures the success of certification and accreditation processes and keeps the project on schedule.
Earlier is Better
- If security is not identified along with the other requirements, it will not be addressed.
- It is critical that security controls are planned in the earliest phases (BEFORE implementation) to ensure:
  - Adequate and appropriate resources are allocated for security throughout the system life cycle
  - The most cost-effective security controls are chosen and implemented
  - A structured and consistent approach for developing and maintaining security for information systems
  - Increased homogeneity among information systems and security controls within an organization, to reduce operational costs
  - Certification and accreditation with minimal additional effort
Phases of the SDLC
- Initiation: someone has a need or an idea
- Development/acquisition: build or buy decision
- Implementation: system development and/or integration
- Operation/maintenance: system put into service
- Disposition: system removed from service
Security Tasks in the SDLC
- Initiation: Needs Determination; Security Categorization; Risk Assessment
- Development/Acquisition: Security Functional Requirements Analysis; Security Assurance Requirements Analysis; Cost Considerations; Security Control Development; Developmental Security Test and Evaluation; Acquisition Specifications
- Implementation: Inspection and Acceptance; System Integration; Certification & Accreditation
- Operations & Maintenance: Configuration Management and Control; Continuous Monitoring
- Disposition: Information Preservation; Media Sanitization; Hardware and Software Disposal
Personnel with Significant Security Responsibilities
FISMA states under §3544, Federal agency responsibilities, (a) In General: The head of each agency shall “(3) delegate to the agency Chief Information Officer…the authority to ensure compliance with the requirements imposed on the agency under this subchapter, including…(D) training and overseeing personnel with significant responsibilities for information security with respect to such responsibilities; (4) ensure that the agency has trained personnel sufficient to assist the agency in complying with the requirements of this subchapter and related policies, procedures, standards, and guidelines;…”
OPM Clarifies Who Needs to Be Trained
OPM 5 CFR part, Computer security training program, states that the following positions must be trained in computer security basics and other domains:
- Executives
- Program and functional managers
- Chief Information Officers (CIO)
- IT security program managers
- Auditors
- System and network administrators
- System/application security officers
- IT function management and operations personnel
Moving from Theory to Practice
It is critical that personnel in positions with significant security responsibilities actively participate in the SDLC. Their participation provides assurance that:
1) security requirements have been addressed
2) countermeasures have been identified
3) controls have been properly implemented and tested
4) all changes to the operational system are reviewed to ensure the integrity of the system and security solution that have been certified and accredited
5) the data, hardware, software, and documentation are disposed of properly
NIST Provides Framework
- Three primary domains of security knowledge:
  - Laws and regulations
  - Security programs, with two sub-categories
  - Security in the SDLC, with six sub-categories
- Six functional roles associated with each of the primary categories: Manage; Acquire; Design and develop; Implement and operate; Review and evaluate; Use
- Twenty-six positions with significant security responsibilities
Personnel With Significant Security Responsibilities Play a Critical Role
Position groups: Executive; Acquisition; Design and Development; Management; Operations; Compliance; User.
Positions: CIO; Sr. IRM Official; System Owner; Program Manager; Information Resource Manager; Records Mgt. Official; FOIA Official; Privacy Act Official; DAA; Certification Reviewer; ISO/ISM; Auditor, Internal; Auditor, External; Source Selection Board; Contracting Officer; COTR; System Designer/Developer; System/Program Analyst; Data Center Manager; Network Administrator; System Administrator; Database Administrator; Technical Support (Help Desk); System Operator; Telecommunications Specialist; Any position that uses IT resources.
The NIST Core Body of Knowledge
- Laws and regulations
- IT security programs
- System environment
- System interconnection (physical access)
- Information sharing (logical access)
- Sensitivity
- Risk management
- Life cycle controls
- Management controls
- Operational controls
- Technical controls
- Awareness, training and education
Stakeholders and the SDLC
Stakeholder positions: CIO; Sr. IRM Official; System Owner; Program Manager; Information Resource Mgr.; Records Mgt. Official; FOIA Official; Privacy Act Official; DAA; Certification Reviewer; ISO/ISM; Auditor, Internal; Auditor, External; Source Selection Board; Contracting Officer; COTR; System Designer/Developer; System/Program Analyst; Data Center Manager; Network Administrator; System Administrator; Database Administrator; Technical Support (Helpdesk); System Operator; Telecomm. Specialist; Users.
SDLC phases: Initiation; Development/Acquisition; Implementation/Integration; Operations & Maintenance; Disposal.
Role-Based Training and NIST SP
Manage Role, CBK, and Positions
Positions: CIO; Senior IRM Official; System Owner; Program Manager; Info. Resource Manager; Data Center Manager; System Administrator; Database Administrator; Network Administrator; System Designer/Developer; ISO/ISM.
Core Body of Knowledge: Laws and Regulations; IT Security Program; System Environment; System Interconnection; Information Sharing; Sensitivity; Risk Management; Life Cycle Controls; Management Controls; Operational Controls; Technical Controls; Awareness and Training.
Training cells by domain:
- Laws and Regulations: 1A
- SP – Planning: 2.1A
- SP – Management: 2.2A
- SLCS – Initiation: 3.1A
- SLCS – Development: 3.2A
- SLCS – Test & Evaluation: NA
- SLCS – Implementation: 3.4A
- SLCS – Operation: 3.5A
- SLCS – Termination: 3.6A
Key: SP = Security Program; SLCS = System Life Cycle Security
Behavioral Outcome for Manage (1 of 3)
- 1A, Laws and Regulations – Managers are able to understand applicable governing documents and their relationships, and to interpret and apply them to the manager’s area of responsibility.
- 2.1A, Security Program: Planning – Individuals involved in the management of IT security programs are able to understand the principles and processes of program planning and can organize resources to develop a security program that meets organizational needs.
- 2.2A, Security Program: Management – Individuals in IT security program management understand and are able to implement a security program that meets their organization’s needs.
Behavioral Outcome for Manage (2 of 3)
- 3.1A, Life Cycle: Initiation – Individuals with management responsibilities are able to identify the steps in the SDLC where security requirements and concerns need to be considered, and to define the processes to be used to resolve those concerns.
- 3.2A, Life Cycle: Development – Individuals with management responsibilities are able to ensure that the formal development baseline includes approved security requirements and that security-related features are installed, clearly identified, and documented.
- 3.3A, Life Cycle: Test & Evaluation – Not applicable.
Behavioral Outcome for Manage (3 of 3)
- 3.4A, Life Cycle: Implementation – Individuals with management responsibilities are able to oversee the implementation and deployment of an IT system in a manner that does not compromise in-place and tested security safeguards.
- 3.5A, Life Cycle: Operations – Individuals with management responsibilities are able to monitor operations to ensure that safeguards are effective and have the intended effect of balancing efficiency with minimized risk.
- 3.6A, Life Cycle: Termination – Individuals with management responsibilities are able to understand the special IT security considerations and measures required during the shutdown of a system, and to effectively plan and direct these activities.
Acquire Role, CBK, and Positions
Positions: CIO; Senior IRM Official; System Owner; Program Manager; Info. Resource Manager; Contracting Officer; COTR; Source Selection Board; Telecomm Specialist; System Designer/Developer; ISO/ISM.
Core Body of Knowledge: Laws and Regulations; IT Security Program; System Environment; System Interconnection; Information Sharing; Sensitivity; Risk Management; Life Cycle Controls; Management Controls; Operational Controls; Technical Controls; Awareness and Training.
Training cells by domain:
- Laws and Regulations: 1B
- SP – Planning: 2.1B
- SP – Management: 2.2B
- SLCS – Initiation: 3.1B
- SLCS – Development: 3.2B
- SLCS – Test & Evaluation: NA
- SLCS – Implementation: 3.4B
- SLCS – Operation: 3.5B
Key: SP = Security Program; SLCS = System Life Cycle Security
Behavioral Outcome for Acquire (1 of 3)
- 1B, Laws and Regulations – Individuals involved in the acquisition of information technology resources have sufficient understanding of IT security requirements and issues to protect the government’s interests in such acquisitions.
- 2.1B, Security Program: Planning – Individuals involved in planning the IT security program can identify the resources required for successful implementation. Individuals recognize the need to include IT security requirements in IT acquisitions and to incorporate appropriate acquisition policy and oversight in the IT security program.
- 2.2B, Security Program: Management – Individuals involved in managing the IT security program have a sufficient understanding of IT security and the acquisition process to incorporate IT security program requirements into acquisition work steps.
Behavioral Outcome for Acquire (2 of 3)
- 3.1B, Life Cycle: Initiation – Individuals with acquisition responsibilities are able to analyze and develop acquisition documents and/or provide guidance which ensures that functional IT security requirements are incorporated.
- 3.2B, Life Cycle: Development – Individuals with acquisition responsibilities are able to monitor procurement actions to ensure that IT security requirements are satisfied.
- 3.3B, Life Cycle: Test & Evaluation – Not applicable.
Behavioral Outcome for Acquire (3 of 3)
- 3.4B, Life Cycle: Implementation – Individuals with acquisition responsibilities are able to ensure that the system, as implemented, meets all contractual requirements related to the security and privacy of IT resources.
- 3.5B, Life Cycle: Operations – Individuals with acquisition responsibilities are able to understand the IT security concerns associated with system operations and to identify and use the appropriate contract vehicle to meet current needs in a timely manner.
- 3.6B, Life Cycle: Termination – Not applicable.
Design/Develop Role, CBK, and Positions
Positions: CIO; Senior IRM Official; System Owner; Program Manager; Info. Resource Mgr.; Records Mgt. Official; FOIA Official; Privacy Act Official; Auditor, Internal; Sys. Designer/Developer; Program/Sys Analyst; Database Administrator; Network Administrator; System Administrator; System Operator; ISO/ISM.
Core Body of Knowledge: Laws and Regulations; IT Security Program; System Environment; System Interconnection; Information Sharing; Sensitivity; Risk Management; Life Cycle Controls; Management Controls; Operational Controls; Technical Controls; Awareness and Training.
Training cells by domain:
- Laws and Regulations: 1C
- SP – Planning: 2.1C
- SP – Management: 2.2C
- SLCS – Initiation: 3.1C
- SLCS – Development: 3.2C
- SLCS – Test & Evaluation: 3.3C
- SLCS – Implementation: 3.4C
- SLCS – Operation: 3.5C
- SLCS – Termination: NA
Key: SP = Security Program; SLCS = System Life Cycle Security
Behavioral Outcome for Design/Develop (1 of 3)
- 1C, Laws and Regulations – Individuals responsible for the design and development of automated information systems are able to translate IT laws and regulations into technical specifications which provide adequate and appropriate levels of protection.
- 2.1C, Security Program: Planning – Individuals responsible for the design and development of an IT security program are able to create a security program specific to a business process or organizational entity.
- 2.2C, Security Program: Management – Individuals responsible for the design and development of an IT security program have sufficient understanding of the appropriate program elements and requirements to be able to translate them into detailed policies and procedures which provide adequate and appropriate protection for the organization’s IT resources in relation to acceptable levels of risk.
Behavioral Outcome for Design/Develop (2 of 3)
- 3.1C, Life Cycle: Initiation – Individuals responsible for the design and development of IT systems are able to translate IT security requirements into system-level security specifications.
- 3.2C, Life Cycle: Development – Individuals responsible for system design, development or modification are able to use baseline IT security requirements to select and install appropriate safeguards.
- 3.3C, Life Cycle: Test & Evaluation – Individuals are able to design tests to evaluate the adequacy of security safeguards in IT systems.
Behavioral Outcome for Design/Develop (3 of 3)
- 3.4C, Life Cycle: Implementation – Individuals responsible for system design and/or modification are able to participate in the development of procedures which ensure the safeguards are not compromised as they are incorporated into the production environment.
- 3.5C, Life Cycle: Operations – Individuals responsible for system development are able to make the procedural and operational changes necessary to maintain the acceptable level of risk.
- 3.6C, Life Cycle: Termination – Not applicable.
Implement/Operate Role, CBK, and Positions
Positions: CIO; Senior IRM Official; System Owner; Program Manager; Info. Resource Mgr.; Records Mgt Official; FOIA Official; Privacy Act Official; COTR; Certification Reviewer/DAA; Auditor, Internal; System Designer/Developer; Program/System Analyst; Data Center Manager; Database Administrator; Network Administrator; System Administrator; System Operator; Technical Support; Telecom Specialist; ISO/ISM.
Core Body of Knowledge: Laws and Regulations; IT Security Program; System Environment; System Interconnection; Information Sharing; Sensitivity; Risk Management; Life Cycle Controls; Management Controls; Operational Controls; Technical Controls; Awareness and Training.
Training cells by domain:
- Laws and Regulations: 1D
- SP – Planning: 2.1D
- SP – Management: 2.2D
- SLCS – Initiation: NA
- SLCS – Development: 3.2D
- SLCS – Test & Evaluation: 3.3D
- SLCS – Implementation: 3.4D
- SLCS – Operation: 3.5D
- SLCS – Termination: 3.6D
Key: SP = Security Program; SLCS = System Life Cycle Security
Behavioral Outcome for Implement/Operate (1 of 3)
- 1D, Laws and Regulations – Individuals responsible for technical implementation and daily operations of an automated information system are able to understand IT security laws and regulations in sufficient detail to ensure that appropriate safeguards are in place and enforced.
- 2.1D, Security Program: Planning – Individuals responsible for implementing and operating an IT security program are able to develop plans for countermeasures, security controls, and processes as required to execute the existing program.
- 2.2D, Security Program: Management – Individuals who are responsible for the implementation and daily operations of an IT security program have a sufficient understanding of the appropriate program elements and requirements to be able to apply them in a manner which provides adequate and appropriate levels of protection for the organization’s IT resources.
Behavioral Outcome for Implement/Operate (2 of 3)
- 3.1D, Life Cycle: Initiation – Not applicable.
- 3.2D, Life Cycle: Development – Individuals responsible for system implementation or operation are able to assemble, integrate, and install systems so that the functionality and effectiveness of safeguards can be tested and evaluated.
- 3.3D, Life Cycle: Test & Evaluation – Individuals responsible for system implementation or operation are able to conduct tests of the effectiveness of security safeguards in the integrated system.
Behavioral Outcome for Implement/Operate (3 of 3)
- 3.4D, Life Cycle: Implementation – Individuals responsible for system implementation or operation ensure the approved safeguards are in place and effective as the system moves into production.
- 3.5D, Life Cycle: Operations – Individuals responsible for system implementation or operation are able to maintain appropriate safeguards continuously within acceptable levels of risk.
- 3.6D, Life Cycle: Termination – Individuals responsible for IT system operations are able to develop and implement the system termination plan, including security requirements for archiving/disposing of resources.
Review/Evaluate Role, CBK and Positions
Positions: CIO; Senior IRM Official; System Owner; Program Manager; Info. Resource Manager; Records Mgt. Official; DAA; Certification Reviewer; Auditor, Internal; Auditor, External; ISO/ISM.
Core Body of Knowledge: Laws and Regulations; IT Security Program; System Environment; System Interconnection; Information Sharing; Sensitivity; Risk Management; Life Cycle Controls; Management Controls; Operational Controls; Technical Controls; Awareness and Training.
Training cells by domain:
- Laws and Regulations: 1E
- SP – Planning: 2.1E
- SP – Management: 2.2E
- SLCS – Initiation: 3.1E
- SLCS – Development: 3.2E
- SLCS – Test & Evaluation: 3.3E
- SLCS – Implementation: 3.4E
- SLCS – Operation: 3.5E
- SLCS – Termination: 3.6E
Key: SP = Security Program; SLCS = System Life Cycle Security
Behavioral Outcome for Review/Evaluate (1 of 3)
- 1E, Laws and Regulations – Individuals responsible for the review/evaluation of an automated information system are able to use IT security laws and regulations in developing a comparative baseline and determining the level of system compliance.
- 2.1E, Security Program: Planning – Individuals responsible for the review/evaluation of an IT security program are able to review the program to determine its continuing capability to cost-effectively address identified requirements.
- 2.2E, Security Program: Management – Individuals responsible for the review/evaluation of an IT security program have adequate understanding of IT security laws, regulations, standards, guidelines, and the organizational environment to determine whether the program adequately addresses all threats and areas of potential vulnerability.
Behavioral Outcome for Review/Evaluate (2 of 3)
- 3.1E, Life Cycle: Initiation – Individuals are able to evaluate the planning documents associated with a particular system to ensure that appropriate IT security requirements have been considered and incorporated.
- 3.2E, Life Cycle: Development – Individuals responsible for review and evaluation are able to examine development efforts at specified milestones to ensure that approved safeguards are in place and documented.
- 3.3E, Life Cycle: Test & Evaluation – Individuals are able to evaluate the appropriateness of test methodologies, conduct independent tests and evaluations to ensure that adequate and appropriate safeguards are in place, effective, and documented, and prepare C&A documentation.
Behavioral Outcome for Review/Evaluate (3 of 3)
- 3.4E, Life Cycle: Implementation – Individuals responsible for review and evaluation are able to analyze system and test documentation to determine whether the system provides adequate and appropriate IT security to support C&A.
- 3.5E, Life Cycle: Operations – Individuals responsible for review and evaluation are able to examine the operational system to determine the adequacy and effectiveness of safeguards and to ensure that a consistent and appropriate level of security is maintained.
- 3.6E, Life Cycle: Termination – Individuals responsible for review and evaluation are able to verify the appropriateness of the termination plan and the processes used to terminate the IT system securely.
Use Role, CBK and Positions
Positions: System Owner; Info. Resource Manager; ISO/ISM; Users.
Core Body of Knowledge: Laws and Regulations; IT Security Program; System Environment; System Interconnection; Information Sharing; Sensitivity; Risk Management; Life Cycle Controls; Management Controls; Operational Controls; Technical Controls; Awareness and Training.
Training domains: Laws and Regulations; SP – Planning; SP – Management; SLCS – Initiation; SLCS – Development; SLCS – Test & Evaluation; SLCS – Implementation; SLCS – Operation; SLCS – Termination.
Training cells as labelled on the slide: 1F; NA; 3.1E; 3.2E; 3.3E; 3.4E; 3.5E.
Key: SP = Security Program; SLCS = System Life Cycle Security
Behavioral Outcome for Use (1 of 3)
- 1F, Laws and Regulations – Users understand individual accountability and applicable governing documents (e.g., Computer Security Act, Computer Fraud and Abuse Act, Copyright Act, Privacy Act).
- 2.1F, Security Program: Planning – Not applicable.
- 2.2F, Security Program: Management – Not applicable.
Behavioral Outcome for Use (2 of 3)
- 3.1F, Life Cycle: Initiation – Potential users are able to participate in needs analyses and understand the various points of view involved in setting the balance between IT security controls and system efficiency.
- 3.2F, Life Cycle: Development – Potential users are able to provide input to system development efforts to ensure that IT security safeguards are as transparent to the user as feasible and are balanced with ease of use.
- 3.3F, Life Cycle: Test & Evaluation – Users are able to participate in acceptance tests and evaluate the impact of security safeguards on the operational environment.
Behavioral Outcome for Use (3 of 3)
- 3.4F, Life Cycle: Implementation – Users are able to identify and report security and efficiency concerns encountered during normal operations.
- 3.5F, Life Cycle: Operations – Users are able to understand the objectives of, and comply with, the “rules of behavior” for the system.
- 3.6F, Life Cycle: Termination – Not applicable.
Final Thoughts
- Training can promote cultural change.
- It can shift the workforce from being observers who show interest in security to becoming participants who demonstrate commitment to security.
- It is only through an understanding of these security roles, their relationships to each other, and their place across the life cycle that total security integration can occur.
Thanks for attending this session!