Implementing a Security Assessment and Authorization Process

By Richard Harpur
This course teaches you how to approach reviewing the security of systems before introducing them to your environment and how to formally authorize systems. Both are key skills in the National Initiative for Cybersecurity Education framework.
Play course overview
Course info
Level
Intermediate
Updated
Dec 9, 2016
Duration
2h 27m
Table of contents
Course Overview
Course Overview 2m
Why Care About Security Assessments and Authorization?
Overview 3m Value of Assessment and Authorization 3m What Does It Mean? 4m Assessments of Third Parties 4m National Initiative for Cybersecurity Education 2m Course Roadmap 3m Real World Example 6m Summary 1m
Learning Assessment Fundamentals
Overview 2m Is It an Audit or an Assessment? 3m Ensuring an Objective and Repeatable Process 6m Learn the Assessment Procedure 3m Real World Example - Demo and Summary 3m
Looking at a Typical Assessment Process
Overview 1m Assessment Process 3m Preparation, Plan, Procedures 3m Execution and Report 3m Demo - See It in Action 3m Summary 1m
Comparing Assessment Methods
Overview 1m What Are the Three Methods? 2m Examination 3m Interview 2m Test 3m Demo - Putting It into Practice 3m Summary 1m
Assessing Controls
Overview 2m Real World Examples 2m Control Families 1-6 7m Demo - Access Control 4m Control Families 6-12 6m Demo - Identification and Authentication 4m Control Families 12-18 7m Summary 3m
Conformance Testing
Overview 1m Rules of Engagement 3m Scanning 5m Testing Part 1 4m Testing Part 2 and Summary 4m
Presenting Your Assessment Findings
Overview 2m Key Elements for Assessment Reports 3m Findings, Reviews, and the Final Report 3m Summary 1m
Security Authorization
Overview 1m Definition of Authorization 2m Steps to Reaching an Authorization Decision 2m Authorization Decision Options 2m Demo - FedRAMP Website 3m Summary 1m
Description
Course info
Level
Intermediate
Updated
Dec 9, 2016
Duration
2h 27m
Description

New systems and changes to existing systems are part of any organization. Today, there is heavy emphasis on the security of all major changes to an organization's technology. The National Institute of Cybersecurity Education has a specific requirement for users to learn and understand a formal Security Assessment and Authorization process. In this course, Implementing a Security Assessment and Authorization Process, you'll first learn how to approach formally assessing the security controls of a new system. Next you'll explore the approach taken to formally authorize the system prior to allowing it to become part of your organization's technology. You'll finish the course by learning how to select the correct security testing procedures from a whole library provided by NIST (National Institute for Standards in Technology). Upon completion of this course, you'll be well versed in the knowledge needed to implement and operate a security assessment and authorization process for your organization.

About the author
Richard Harpur
About the author

Richard has worked for over 20 years in various technology management roles working in card payments and regulated financial sectors. He spent several years deploying niche payment card solutions in Europe and more recently as CIO, serving the US mortgage sector. Richard specializes in IT Risk and Information Security management.

More from the author
Getting Started with Data Loss Prevention
Beginner
2h 2m
Jul 10, 2019
Security Compliance: The Big Picture
Beginner
1h 43m
Feb 12, 2019
Communicating and Documenting Security Incidents
Beginner
1h 1m
Jun 8, 2018
More courses by Richard Harpur
Section Introduction Transcripts
Section Introduction Transcripts

Course Overview
Hi everyone. My name is Richard Harpur. Welcome to my course, Implementing a Security Assessment and Authorization Process. I am a certified information security manager and my day job is all about managing IT risks. To date, concern about information security is mainstream. That's why I authored this course. Maybe you're an IT, risk, or compliance manager, or maybe you're working in the US federal organization. Whatever your background, this course will teach you the best approach to assessment and authorization. One thing is certain, the volume of security assessment and authorization is rapidly increasing. No one wants to be responsible for introducing unacceptable risk into their organization. You'll learn difference between assessment and authorization. You'll learn several different assessment methods, 18 different security assessment families. You'll learn how to present your findings. And finally, you'll learn how good authorization process should work. By the end of this course, you will have learned all about a security assessment and authorization process and you will be confident in implementing these processes in your own organization. I hope you'll join me on this journey to learn Implementing a Security and Assessment Process at Pluralsight.

You're the smartest person in the room

PROVE IT

Your team won't just close the skills gap

THEY'LL HURDLE IT