C&A Life Cycle

A correct implementation of the Certification and Accreditation program will help the organization maintain a secure environment on the computer systems. An establish life cycle will help the organization maintain a properly revised program.

Certification and Accreditation Guidance Development Life Cycle

Phase	Task	Activity

Development	Creation	Plan for, research, and write the policy
	Review	Complete an independent policy review prior to approval
	Approval	Obtain management approval of the policy
Implementation	Communication	Disseminate the policy
	Compliance	Implement the policy
	Exceptions	Manage cases where full implementation is not possible
Maintenance	Awareness	Ensure continued awareness of the policy
	Monitoring	Report and track compliance with the policy
	Enforcement	Handle violations of the policy
	Maintenance	Keep the policy current
Disposal	Retirement	Retire the policy when it is no longer required

Tags: C&A, CISSP

This entry was posted on October 19, 2009, 6:57 pm and is filed under CISSP Review. You can follow any responses to this entry through RSS 2.0. You can leave a response, or trackback from your own site.

Related Posts
Trackbacks (0)
Comments (0)

No comments yet.

No trackbacks yet.

5 TYPES OF BCP TESTING

October 17, 2009 - 4:44 pm

Tags: BCP, Business Continuity, CISSP
Posted in Business Continuity and Disaster Recovery Planning, CISSP Review | No Comments

Business Continuity Planning is the key essential master plan used for recovery and restore of business. This logistical plan will layout how the organization will recover from partial or complete interruption of business. Here is a quick guide that will help you determine if the business continuity plan will work.

TEST

DESCRIPTION

CHECKLIST

COPIES of the plan are sent [...]

Security Certifications

October 16, 2009 - 11:37 am

Tags: CISA, CISM, CISSP, GIAC, GSEC, Security +, SSCP
Posted in Certifications | No Comments

Almost 2 years ago I took the CISSP. I have to admit I have no test taking abilities, and the proctor staring at me for 6 hours killed me. I failed with a 685. This was a very tragic moment on my life; knowing that the pass rate is 70%, I felt the stupidest person [...]

TCP/IP Model

October 13, 2009 - 11:52 am

Tags: CISSP, Network, OSI Model, TCP/IP
Posted in IT Basics | No Comments

This Model should be learned and memorized, if asked you should not have to think about them. These links will guide you to their wikis for easy study access.

Internet Protocol Suite

Application Layer

BGP · DHCP · DNS · FTP · GTP · HTTP · IMAP · IRC · Megaco · MGCP · NNTP · [...]

Trusted Computer Security Evaluation Criteria

October 11, 2009 - 11:34 pm

Tags: CISSP, TCSEC
Posted in CISSP Review | No Comments

Trusted Computer System Evaluation Criteria (TCSEC) is a US Gov. DoD standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system. The TCSEC was used to evaluate, classify and select computer systems being considered for the processing, storage and retrieval of sensitive or classified information.

TCSEC (Trusted Computer [...]

Security Modes of Operation

October 10, 2009 - 8:29 pm

Tags: CISSP, Security modes
Posted in CISSP Review | No Comments

There are various modes of security operations depending of the information you are protecting and it’s classification. Here is a review of some of the modes of operation.

Security Mode

Description

Dedicated Security Mode

Proper Clearance for ALL info on system.
Formal access approval for ALL info on system.
Signed NDA for ALL info on system.
Valid need to know ALL [...]

History of CRYPTOGRAPHY

October 9, 2009 - 3:50 pm

Tags: CISSP, CISSP Review, Cryptography
Posted in CISSP Review | No Comments

Cryptography can be defined as the conversion of data into a scrambled code that can be deciphered and sent across a public or private network. Cryptography is far more than helping keep integrity of the communications. It has evolved into a tool used in communications in a daily bases. Here is basic introduction to Cryptography.

Period [...]

Security Architecture & Design / Security Access Control Models

October 9, 2009 - 3:22 pm

Tags: Access Control Model, CISSP, CISSP Review, Security Design
Posted in CISSP Review | No Comments

Security Architecture include models to follow to design a security oriented network infrastructure. They will depend on the need of security classification. Each model will be focus on a specific area of the security tria Confidentiality, Integrity and Availability.

MODEL

DESCRIPTION

EMPHASIS

Access Matrix
A way of describing the rules for an access control strategy; Combination of Read, [...]

10 Common Body of Knowledge, By Shon Harris

August 13, 2009 - 9:46 am

Tags: 10 CBK, CISSP, Review
Posted in CISSP Review | No Comments

Applications and Systems Development Security
This domain examines the security components within operating
systems and applications and how to best develop and measure their
effectiveness. This domain looks at software life cycles, change control,
and application security. Some of the other topics covered include:

• Data warehousing and data mining
• Various development practices and their risks
• System storage and [...]

CISSP Study Group/Blog