
Leadership

Leadership. It is imperative that leaders and managers at all levels understand their responsibilities and are held accountable for managing information security risk. SP 800-39 Managing Information Security Risk (March 2011). FITSP-M Exam Module Objectives.



Presentation Transcript


  1. Leadership • It is imperative that leaders and managers at all levels understand their responsibilities and are held accountable for managing information security risk. • SP 800-39 Managing Information Security Risk (March 2011)

  2. FITSP-M Exam Module Objectives • Security Assessments and Authorization • Administer and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational information systems • Manage mechanisms that authorize the operation of organizational information systems and any associated information system connections

  3. Authorization Overview • Section A: Authorization Tasks • Authorization Package • Authorization Decisions • Authorization Decision Document • Section B: Authorization Elements • Ongoing Authorization • Type Authorization • Authorization Approaches

  4. Section A Authorization Tasks

  5. RMF Step 5 – Authorize: Learning Objectives • Describe the Plan of Action and Milestones (POA&M) • Understand the elements of the Security Authorization Package • Understand Risk Determination • Understand Risk Acceptability • Distinguish between the Security Authorization Decisions

  6. RMF Step 5 – Authorize Information System • Plan of Action and Milestones • Security Authorization Package • Risk Determination • Risk Acceptance

  7. Authorization Package • Assembled by the Information System Owner (or Common Control Provider) and submitted to the Authorizing Official (SP 800-37 Rev 1, Task 5-2) • Security Plan • Security Assessment Report • Plan of Action and Milestones

  8. Authorization Decisions • Authorization to Operate (ATO) • Denial of Authorization to Operate • Interim Authorization to Test (IATT) • Interim Authorization to Operate (IATO) • Note: SP 800-37 Rev 1 (Task 5-4) defines only two decisions, ATO or denial; the interim authorizations are older DoD-derived terms. Under Rev 1 an ATO that carries explicit terms and conditions and an authorization termination date serves the purpose of an interim authorization.

  9. Authorization Decision Document • Authorization decision • Terms and conditions for the authorization • Authorization termination date • Risk executive (function) input (if provided)

  10. Knowledge Check • What is the first task in the Authorize RMF step? • What document records the results of the security control assessment and gives the authorizing official the essential information needed to make a risk-based decision on whether to authorize operation of an information system or a designated set of common controls? • What are the contents of the Authorization Package sent from the System Owner to the Authorizing Official? • What information does the authorization decision document contain?

  11. Section B Authorization Elements

  12. Ongoing Authorization • Maintains Knowledge of Current Security State • Re-execute RMF Step(s) • Maximize Use of Status Reports • Reauthorization • Time-driven • Event-driven

  13. Type Authorization Official authorization decision to employ identical copies of an information system or subsystem (including hardware, software, firmware, and/or applications) in specified environments of operation.

  14. Authorization Approaches • Single Authorizing Official • Multiple Authorizing Officials • Leveraging an Existing Authorization

  15. Authorization Key Concepts & Vocabulary • Authorization Package • Authorization Decisions • Authorization Decision Document • Ongoing Authorization • Type Authorization • Authorization Approaches

  16. Questions? Next Module: Continuous Monitoring
