This Security Assessment Plan (SAP) was developed using the guidance contained in NIST SP 800-37, Guidelines for Applying the Risk Management Framework to Federal Information Systems, and incorporates policy from the Department of Homeland Security (DHS) Management Directive (MD) 4300, Department of Homeland Security …
Who develops the security assessment plan?
The SCA develops the security assessment plan, and the Authorizing Official or their Designated Representative reviews and approves the plan. The purpose of the security assessment plan is to establish the appropriate expectations for the security control assessment and bound the level of effort for the assessment.
Who has primary responsibility for developing and approving a security assessment plan?
Phase 4, Task 1: Security Control Assessment Plan. The security control assessor develops a detailed assessment plan to be used as a map for conducting the independent security controls assessment.
How do you conduct a security assessment?
The following steps are required to perform an effective IT security risk assessment.
- Identify Assets. …
- Identify Threats. …
- Identify Vulnerabilities. …
- Develop Metrics. …
- Consider Historical Breach Data. …
- Calculate Cost. …
- Perform Fluid Risk-To-Asset Tracking.
What is security categorization and why is it important?
Security categorization provides a structured way to determine the criticality and sensitivity of the information being processed, stored, and transmitted by an information system.
Where are security controls formally documented?
Security controls are formally documented in the organization’s security plan.
What’s the first step in performing a security risk assessment?
- Step 1: Identify Your Information Assets.
- Step 2: Identify the Asset Owners.
- Step 3: Identify Risks to Confidentiality, Integrity, and Availability of the Information Assets.
- Step 4: Identify the Risk Owners.
What are the 10 P’s of risk management?
These risks include health, safety, fire, environmental, financial, technological, investment and expansion. The 10 P’s approach considers the positives and negatives of each situation, assessing both the short-term and the long-term risk.