This course teaches you how to approach reviewing the security of systems before introducing them to your environment and how to formally authorize systems. Both are key skills in the National Initiative for Cybersecurity Education framework.
New systems and changes to existing systems are part of any organization. Today, there is heavy emphasis on the security of all major changes to an organization's technology. The National Institute of Cybersecurity Education has a specific requirement for users to learn and understand a formal Security Assessment and Authorization process. In this course, Implementing a Security Assessment and Authorization Process, you'll first learn how to approach formally assessing the security controls of a new system. Next you'll explore the approach taken to formally authorize the system prior to allowing it to become part of your organization's technology. You'll finish the course by learning how to select the correct security testing procedures from a whole library provided by NIST (National Institute for Standards in Technology). Upon completion of this course, you'll be well versed in the knowledge needed to implement and operate a security assessment and authorization process for your organization.
Richard has worked for over 20 years in various technology management roles working in card payments and regulated financial sectors. He spent several years deploying niche payment card solutions in Europe and more recently as CIO, serving the US mortgage sector. Richard specializes in IT Risk and Information Security management.
Hi everyone, my name is Richard Harpur, welcome to my course Implementing Security Assessment and Authorization process. I am a Certified Information Security Manager and my day job is all about managing IT risks.
Today the concern about information security is mainstream and that is why I authored this course. After completing this course you will have learnt how to approach the task of implementing a security assessment and authorization process.
This course is for everyone who wants to understand more about securing your organization by designing and implementing a security assessment and authorization process. Maybe you are an IT, risk or compliance manager or maybe you’re in a US federal organization and interested in the National Initiative for Cybersecurity Education. Whatever your background this course will teach you the best approach to assessment and authorization. One thing is certain, the volume of security assessment and authorization is rapidly increasing. No one wants to be responsible for introducing unacceptable risk into their organization and this course will help you in your assessment and authorization process.
Some of the major topics that we will cover include:
1. You will learn the differences between Assessment and authorization.
2. Several Different assessment methods
3. 18 different security assessment families.
4. How to present your findings.
5. And how a good authorization process should work
By the end this course, you’ll have learned all about a security assessment and authorization process, and will have a confident approach in implementing these processing in your own organization. You don’t need to have any knowledge of specific tools or processes to complete this course, just jump straight in and start learning.
I hope you’ll join me on this journey to learn implementing a security and assessment process course, at Pluralsight.