Leadership PowerPoint Presentation

Presentation Transcript

  1. Leadership • It is imperative that leaders and managers at all levels understand their responsibilities and are held accountable for managing information security risk. • SP 800-39 Managing Information Security Risk (March 2011)

  2. FITSP-M Exam Module Objectives • Security Assessments and Authorization • Administer and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational information systems • Manage mechanisms that authorize the operation of organizational information systems and any associated information system connections

  3. Authorization Overview • Section A: Authorization Tasks • Authorization Package • Authorization Decisions • Authorization Decision Document • Section B: Authorization Elements • Ongoing Authorization • Type Authorization • Authorization Approaches

  4. Section A Authorization Tasks

  5. RMF Step 4 - Authorization • Describe Plan of Action and Milestones • Understand the Elements of the Security Authorization Package • Understand Risk Determination • Understand Risk Acceptability • Distinguish between the Security Authorization Decisions

  6. RMF Step 5 – Authorize Information System • Plan of Action and Milestones • Security Authorization Package • Risk Determination • Risk Acceptance

  7. Authorization Package

  8. Authorization Decisions • Authorization to Operate • Denial of Authorization to Operate • Interim Authorization to Test • Interim Authorization to Operate

  9. Authorization Decision Document • Authorization decision • Terms and conditions for the authorization • Authorization termination date • Risk executive (function) input (if provided)

  10. Knowledge Check • What is the first step in the Authorization RMF step? • What documents the results of the security control assessment and provides the authorizing official with essential information needed to make a risk-based decision on whether to authorize operation of an information system or a designated set of common controls? • What are the contents of the Authorization Package, from System Owner to Authorizing Official? • The authorization decision document contains what information?

  11. Section B Authorization Elements

  12. Ongoing Authorization • Maintains Knowledge of Current Security State • Re-execute RMF Step(s) • Maximize Use of Status Reports • Reauthorization • Time-driven • Event-driven

  13. Type Authorization Official authorization decision to employ identical copies of an information system or subsystem (including hardware, software, firmware, and/or applications) in specified environments of operation.

  14. Authorization Approaches • Single Authorizing Official • Multiple Authorizing Officials • Leveraging an Existing Authorization

  15. Authorization Key Concepts & Vocabulary • Authorization Package • Authorization Decisions • Authorization Decision Document • Ongoing Authorization • Type Authorization • Authorization Approaches

  16. Questions? Next Module: Continuous Monitoring