Information Security Management Beyond Certification and Accreditation

Traditional information security approaches rely too heavily on system Certification & Accreditation (C&A) to ensure that a system is sufficiently secure. Such approaches inadequately address security during acquisition and development, which increases the risk that the system contains inherent computer vulnerabilities and exposures. Those may lead to inappropriate issuance of an Authority To Operate (ATO), whether through unintentional oversight of problems or through pressure to deploy despite recognized residual risks. In certain instances, testing by an independent authority may mitigate some of these risks; however, such testing is often undertaken near the end of the development or acquisition cycle.

Provided by: The Society of American Magicians
Topic: Security
Date Added: Feb 2013
Format: PDF