Advertisement
The Authorizing Official And The Accreditation Decision
The Authorizing Official And The Accreditation Decision
The Authorizing Official And The Accreditation Decision
The Authorizing Official And The Accreditation Decision
The Authorizing Official And The Accreditation Decision
The Authorizing Official And The Accreditation Decision
The Authorizing Official And The Accreditation Decision
The Authorizing Official And The Accreditation Decision
The Authorizing Official And The Accreditation Decision
The Authorizing Official And The Accreditation Decision
The Authorizing Official And The Accreditation Decision
The Authorizing Official And The Accreditation Decision
The Authorizing Official And The Accreditation Decision
The Authorizing Official And The Accreditation Decision
The Authorizing Official And The Accreditation Decision
The Authorizing Official And The Accreditation Decision
The Authorizing Official And The Accreditation Decision
The Authorizing Official And The Accreditation Decision
The Authorizing Official And The Accreditation Decision
The Authorizing Official And The Accreditation Decision
The Authorizing Official And The Accreditation Decision
The Authorizing Official And The Accreditation Decision
The Authorizing Official And The Accreditation Decision
The Authorizing Official And The Accreditation Decision
The Authorizing Official And The Accreditation Decision
The Authorizing Official And The Accreditation Decision
The Authorizing Official And The Accreditation Decision
The Authorizing Official And The Accreditation Decision
The Authorizing Official And The Accreditation Decision
The Authorizing Official And The Accreditation Decision
The Authorizing Official And The Accreditation Decision
The Authorizing Official And The Accreditation Decision
The Authorizing Official And The Accreditation Decision
The Authorizing Official And The Accreditation Decision
The Authorizing Official And The Accreditation Decision
The Authorizing Official And The Accreditation Decision
The Authorizing Official And The Accreditation Decision
The Authorizing Official And The Accreditation Decision
The Authorizing Official And The Accreditation Decision
The Authorizing Official And The Accreditation Decision
The Authorizing Official And The Accreditation Decision

Check these out next

Unraveling the Confusion Surrounding the Purpose of Penetration Tests
Unraveling the Confusion Surrounding the Purpose of Penetration Tests
Bo Birdwell
Generic_Sample_incidentresponseplanIRP_ISS_2016
Generic_Sample_incidentresponseplanIRP_ISS_2016
Samuel Loomis
Penetration Testing Guide
Penetration Testing Guide
Badawy Abd El-Aziz
Sensible defence
Sensible defence
Koen Maris
MISO L008 Disaster Recovery Plan
MISO L008 Disaster Recovery Plan
Jan Wong
Preparing for future attacks - the right security strategy
Preparing for future attacks - the right security strategy
RapidSSLOnline.com
Prevent & Protect
Prevent & Protect
Mike McMillan
10 Tips to Improve Your Security Incident Readiness and Reponse
10 Tips to Improve Your Security Incident Readiness and Reponse
EMC
1 of 41

The Authorizing Official And The Accreditation Decision

Feb. 10, 2009
Download to read offline
Technology

Accreditation of US Federal Government IT systems is one of many critical aspects of maintaining an Enterprise Security Program at a Federal Agency. It is a very public metric (think FISMA Report Card.) This has led many to decry Certification and Accreditation (C&A) as strictly a paper exercise. However, when administered correctly, it is probably the best risk management tool available to government executives as it forces the agency to identify/classify systems according to criticality and perform an in-depth examination of every system identified.

Michael Smith
Security Management Consultant
Advertisement
Advertisement
Advertisement

Recommended

Risk AssessmentRisk Assessment
Risk Assessmentaeaguinot569 views9 slides
Risk AssessmentRisk Assessment
Risk Assessmentaeaguinot571 views9 slides
Pragmatic CyberSecurity and Risk ReductionPragmatic CyberSecurity and Risk Reduction
Pragmatic CyberSecurity and Risk ReductionBruce Hafner565 views30 slides
Making the Business Case for Security InvestmentMaking the Business Case for Security Investment
Making the Business Case for Security InvestmentRoger Johnston97 views4 slides
Risk Management Methodology - CopyRisk Management Methodology - Copy
Risk Management Methodology - CopyRabah Odeh ITIL 5.0-OCP-CISA-PMP-OCP..etc1.6K views23 slides
Pa awwa2006 presentationrev1fin_febPa awwa2006 presentationrev1fin_feb
Pa awwa2006 presentationrev1fin_febWivenhoe Management Group325 views37 slides

More Related Content

Slideshows for you(20)

Unraveling the Confusion Surrounding the Purpose of Penetration Tests Unraveling the Confusion Surrounding the Purpose of Penetration Tests
Unraveling the Confusion Surrounding the Purpose of Penetration Tests
Bo Birdwell141 views
Generic_Sample_incidentresponseplanIRP_ISS_2016Generic_Sample_incidentresponseplanIRP_ISS_2016
Generic_Sample_incidentresponseplanIRP_ISS_2016
Samuel Loomis56 views
Penetration Testing GuidePenetration Testing Guide
Penetration Testing Guide
Badawy Abd El-Aziz153 views
Sensible defenceSensible defence
Sensible defence
Koen Maris326 views
MISO L008 Disaster Recovery PlanMISO L008 Disaster Recovery Plan
MISO L008 Disaster Recovery Plan
Jan Wong2.4K views
Preparing for future attacks - the right security strategyPreparing for future attacks - the right security strategy
Preparing for future attacks - the right security strategy
RapidSSLOnline.com367 views
Prevent & ProtectPrevent & Protect
Prevent & Protect
Mike McMillan116 views
10 Tips to Improve Your Security Incident Readiness and Reponse10 Tips to Improve Your Security Incident Readiness and Reponse
10 Tips to Improve Your Security Incident Readiness and Reponse
EMC918 views
2012 10 19 risk analysis training deck2012 10 19 risk analysis training deck
2012 10 19 risk analysis training deck
Elaine Axum209 views
10 Steps to Building an Effective Vulnerability Management Program10 Steps to Building an Effective Vulnerability Management Program
10 Steps to Building an Effective Vulnerability Management Program
BeyondTrust2K views
Pragmatic Device Risk Management Pragmatic Device Risk Management
Pragmatic Device Risk Management
Seapine Software809 views
Vulnerability Management ProgramVulnerability Management Program
Vulnerability Management Program
Dennis Chaupis165 views
There’s No Such Thing as a Cyber-RiskThere’s No Such Thing as a Cyber-Risk
There’s No Such Thing as a Cyber-Risk
Priyanka Aash308 views
USPS CISO Academy - Vulnerability ManagementUSPS CISO Academy - Vulnerability Management
USPS CISO Academy - Vulnerability Management
Jim Piechocki182 views
Experion Data Breach Response ExcerptsExperion Data Breach Response Excerpts
Experion Data Breach Response Excerpts
Peter Henley375 views
Risk Management and RemediationRisk Management and Remediation
Risk Management and Remediation
Carahsoft2.8K views
Vulnerability Management: What You Need to Know to Prioritize RiskVulnerability Management: What You Need to Know to Prioritize Risk
Vulnerability Management: What You Need to Know to Prioritize Risk
AlienVault4.8K views
Security vulnerability assessment & liability(li)Security vulnerability assessment & liability(li)
Security vulnerability assessment & liability(li)
Wivenhoe Management Group898 views
Massbiz Consulting Crede Sed ProbaMassbiz Consulting Crede Sed Proba
Massbiz Consulting Crede Sed Proba
James McDonald494 views
It risk assessmentIt risk assessment
It risk assessment
Happiest Minds Technologies282 views

Similar to The Authorizing Official And The Accreditation Decision(20)

Risk Assessment And Mitigation Plan PowerPoint Presentation SlidesRisk Assessment And Mitigation Plan PowerPoint Presentation Slides
Risk Assessment And Mitigation Plan PowerPoint Presentation Slides
SlideTeam1.6K views
Risk Management: A Holistic Organizational ApproachRisk Management: A Holistic Organizational Approach
Risk Management: A Holistic Organizational Approach
Graydon McKee4K views
Safety instrumented systems angela summers Safety instrumented systems angela summers
Safety instrumented systems angela summers
Ahmed Gamal1.9K views
DeltaV Security - Don’t Let Your Business Be Caught Without ItDeltaV Security - Don’t Let Your Business Be Caught Without It
DeltaV Security - Don’t Let Your Business Be Caught Without It
Emerson Exchange1.3K views
Analyzing Your GovCon Cybersecurity ComplianceAnalyzing Your GovCon Cybersecurity Compliance
Analyzing Your GovCon Cybersecurity Compliance
Robert E Jones675 views
PACE-IT, Security+ 2.1: Risk Related Concepts (part 2)PACE-IT, Security+ 2.1: Risk Related Concepts (part 2)
PACE-IT, Security+ 2.1: Risk Related Concepts (part 2)
Pace IT at Edmonds Community College406 views
Prevention And Control Strategies PowerPoint Presentation SlidesPrevention And Control Strategies PowerPoint Presentation Slides
Prevention And Control Strategies PowerPoint Presentation Slides
SlideTeam106 views
Chapter 1Managing RiskTHE FOLLOWING COMPTIA SECURITY+ EXAM OBJ.docxChapter 1Managing RiskTHE FOLLOWING COMPTIA SECURITY+ EXAM OBJ.docx
Chapter 1Managing RiskTHE FOLLOWING COMPTIA SECURITY+ EXAM OBJ.docx
walterl43 views
Sec 340 full class latest business continuitySec 340 full class latest business continuity
Sec 340 full class latest business continuity
Laynebaril101 views
Cybersecurity Compliance in Government ContractsCybersecurity Compliance in Government Contracts
Cybersecurity Compliance in Government Contracts
Robert E Jones58 views
Convergence innovative integration of securityConvergence innovative integration of security
Convergence innovative integration of security
ciso_insights622 views
Enterprise incident response 2017Enterprise incident response 2017
Enterprise incident response 2017
zapp0696 views
Analyzing Your Government Contract Cybersecurity ComplianceAnalyzing Your Government Contract Cybersecurity Compliance
Analyzing Your Government Contract Cybersecurity Compliance
Robert E Jones484 views
u10a1-Risk Assessment Report-Beji Jacobu10a1-Risk Assessment Report-Beji Jacob
u10a1-Risk Assessment Report-Beji Jacob
Beji Jacob220 views
325838924-Splunk-Use-Case-Framework-Introduction-Session325838924-Splunk-Use-Case-Framework-Introduction-Session
325838924-Splunk-Use-Case-Framework-Introduction-Session
Ryan Faircloth260 views
A Framework for Developing and Operationalizing Security Use CasesA Framework for Developing and Operationalizing Security Use Cases
A Framework for Developing and Operationalizing Security Use Cases
Ryan Faircloth671 views
Meta-Metrics: Building a Scorecard for the Evaluation of Security Management ...Meta-Metrics: Building a Scorecard for the Evaluation of Security Management ...
Meta-Metrics: Building a Scorecard for the Evaluation of Security Management ...
Michael Smith1K views
Risk Mitigation Strategies PowerPoint Presentation SlidesRisk Mitigation Strategies PowerPoint Presentation Slides
Risk Mitigation Strategies PowerPoint Presentation Slides
SlideTeam1.2K views
Determining Condition MonitoringDetermining Condition Monitoring
Determining Condition Monitoring
Kerry Williams21 views
Consensus Audit Guidelines 2008Consensus Audit Guidelines 2008
Consensus Audit Guidelines 2008
John Gilligan1.3K views
Advertisement

More from Michael Smith(7)

BarcodesBarcodes
Barcodes
Michael Smith5.2K views
Building A Modern Security Policy For Social Media and GovernmentBuilding A Modern Security Policy For Social Media and Government
Building A Modern Security Policy For Social Media and Government
Michael Smith1.9K views
Dojo Con 09Dojo Con 09
Dojo Con 09
Michael Smith1.1K views
Massively Scaled Security Solutions for Massively Scaled IT:SecTor 09Massively Scaled Security Solutions for Massively Scaled IT:SecTor 09
Massively Scaled Security Solutions for Massively Scaled IT:SecTor 09
Michael Smith897 views
Security Content Automation Protocol and Web Application SecuritySecurity Content Automation Protocol and Web Application Security
Security Content Automation Protocol and Web Application Security
Michael Smith1.9K views
Backtrack 3 USBBacktrack 3 USB
Backtrack 3 USB
Michael Smith2.5K views
Why Care About Government SecurityWhy Care About Government Security
Why Care About Government Security
Michael Smith937 views

Recently uploaded(20)

TenT-Day03.pptxTenT-Day03.pptx
TenT-Day03.pptx
JohanMyburgh150 views
EMA Policy 0070 Relaunch - Changes and how GenInvo can helpEMA Policy 0070 Relaunch - Changes and how GenInvo can help
EMA Policy 0070 Relaunch - Changes and how GenInvo can help
geninvomarketing0 views
Video Coding Enhancements for HTTP Adaptive Streaming Using Machine LearningVideo Coding Enhancements for HTTP Adaptive Streaming Using Machine Learning
Video Coding Enhancements for HTTP Adaptive Streaming Using Machine Learning
Alpen-Adria-Universität0 views
New Productivity features for Document UnderstandingNew Productivity features for Document Understanding
New Productivity features for Document Understanding
DianaGray100 views
C++ Programming.pdfC++ Programming.pdf
C++ Programming.pdf
MrRSmey0 views
Ch 3.pdfCh 3.pdf
Ch 3.pdf
MuhammadAsif10690 views
Presentation.pptxPresentation.pptx
Presentation.pptx
AyeshaIndunil0 views
TenT-Day08.pptxTenT-Day08.pptx
TenT-Day08.pptx
JohanMyburgh150 views
Putting the Human Back in the Loop: Keynote Talk at IS-EUD 2023 Cagliari Putting the Human Back in the Loop: Keynote Talk at IS-EUD 2023 Cagliari
Putting the Human Back in the Loop: Keynote Talk at IS-EUD 2023 Cagliari
AnttiOulasvirta0 views
2008-03-04 - Geoprocessing with ArcGIS.pdf2008-03-04 - Geoprocessing with ArcGIS.pdf
2008-03-04 - Geoprocessing with ArcGIS.pdf
ssuseref75f10 views
Causal Repair of Learning-Enabled Cyber-physical SystemsCausal Repair of Learning-Enabled Cyber-physical Systems
Causal Repair of Learning-Enabled Cyber-physical Systems
Ivan Ruchkin0 views
Vin secure solutions PPT (1).pdfVin secure solutions PPT (1).pdf
Vin secure solutions PPT (1).pdf
vin secure solutions0 views
e-commerce.pptxe-commerce.pptx
e-commerce.pptx
ssuser9a364e0 views
Storybook, the best friend we all needStorybook, the best friend we all need
Storybook, the best friend we all need
AnnaSala220 views
What is Philosophy in Technology?What is Philosophy in Technology?
What is Philosophy in Technology?
Roman Krzanowski0 views
TenT-Day04.pptxTenT-Day04.pptx
TenT-Day04.pptx
JohanMyburgh150 views
DR Guide Process.pdfDR Guide Process.pdf
DR Guide Process.pdf
blackmambaettijean0 views
4.1 Modeling Data Relationships.pdf4.1 Modeling Data Relationships.pdf
4.1 Modeling Data Relationships.pdf
Felipelipilef2nd0 views
TenT-Day05.pptxTenT-Day05.pptx
TenT-Day05.pptx
JohanMyburgh150 views
AlamofirebyJun.pdfAlamofirebyJun.pdf
AlamofirebyJun.pdf
JUNSHIN80 views
Advertisement

The Authorizing Official And The Accreditation Decision

  1. Making the Choice: ATO, IATO, or Denial The Role of the Authorizing Official/Designated Approving Authority and the Accreditation Decision
  12. IT Security in the SDLC --NIST SP 800-64
  15. Accreditation Decision Scenarios Playing the “Armchair Authorizer”

Editor's Notes

  1. The following presentation contains insights and opinions gathered from over 40 years of combined experience in the government INFOSEC space. It’s interspersed with some humor – security presentations can be pretty dry without it. We hope that this presentation will provide you with some insight and understanding of the role of the AO/DAA and the larger process of arriving at an accreditation decision.
Advertisement