Implementing a Security Assessment and Authorization Process

This course teaches you how to approach reviewing the security of systems before introducing them to your environment and how to formally authorize systems. Both are key skills in the National Initiative for Cybersecurity Education framework.
Course info
Level
Intermediate
Updated
Dec 9, 2016
Duration
2h 27m
Table of contents
Description
Course info
Level
Intermediate
Updated
Dec 9, 2016
Duration
2h 27m
Description

New systems and changes to existing systems are part of any organization. Today, there is heavy emphasis on the security of all major changes to an organization's technology. The National Institute of Cybersecurity Education has a specific requirement for users to learn and understand a formal Security Assessment and Authorization process. In this course, Implementing a Security Assessment and Authorization Process, you'll first learn how to approach formally assessing the security controls of a new system. Next you'll explore the approach taken to formally authorize the system prior to allowing it to become part of your organization's technology. You'll finish the course by learning how to select the correct security testing procedures from a whole library provided by NIST (National Institute for Standards in Technology). Upon completion of this course, you'll be well versed in the knowledge needed to implement and operate a security assessment and authorization process for your organization.

About the author
About the author

Richard has worked for over 20 years in various technology management roles working in card payments and regulated financial sectors. He spent several years deploying niche payment card solutions in Europe and more recently as CIO, serving the US mortgage sector. Richard specializes in IT Risk and Information Security management.

More from the author
Security Compliance: The Big Picture
Beginner
1h 43m
Feb 12, 2019
More courses by Richard Harpur
Section Introduction Transcripts
Section Introduction Transcripts

Course Overview
Hi everyone. My name is Richard Harpur. Welcome to my course, Implementing a Security Assessment and Authorization Process. I am a certified information security manager and my day job is all about managing IT risks. To date, concern about information security is mainstream. That's why I authored this course. Maybe you're an IT, risk, or compliance manager, or maybe you're working in the US federal organization. Whatever your background, this course will teach you the best approach to assessment and authorization. One thing is certain, the volume of security assessment and authorization is rapidly increasing. No one wants to be responsible for introducing unacceptable risk into their organization. You'll learn difference between assessment and authorization. You'll learn several different assessment methods, 18 different security assessment families. You'll learn how to present your findings. And finally, you'll learn how good authorization process should work. By the end of this course, you will have learned all about a security assessment and authorization process and you will be confident in implementing these processes in your own organization. I hope you'll join me on this journey to learn Implementing a Security and Assessment Process at Pluralsight.