Management and Cyber Security
According to NIST (2016) guidelines:

Agencies should develop policy on the system security process. System security plans are living documents that require periodic review, modification, and plans of action and milestones for implementing security controls. Procedures should be in place outlining who reviews the plans, keeps the plan current, and follows up on planned security controls. In addition, procedures should require that systems security plans be developed and reviewed prior to proceeding with the security certification and accreditation process of the system.

The purpose of the information system security plan is to provide an overview of the security requirements of the system and describe the controls in place or planned for meeting those requirements. The system security plan also delineates responsibilities and expected behavior of all individuals who access the system.

System security planning is an important activity that supports the system development life cycle (SDLC) and should be updated as system events trigger the need for revision in order to accurately reflect the most current state of the system. The system security plan provides a summary of the security requirements for the information system and describes the security controls in place or planned for meeting those requirements. The plan also may reference other key security-related documents for the information system such as a risk assessment, plan of action and milestones, accreditation decision letter, privacy impact assessment, contingency plan, configuration management plan, security configuration checklists, and system interconnection agreements as appropriate. The authorization of a system to process information, granted by a management official, provides an important quality control. By authorizing processing in a system, the manager accepts its associated risk.

(NIST SP 800-18 Rev. 1, Guide for Developing Security Plans for Federal Information Systems, 2006)

ISSP Final Project:
Reference

NIST SP 800-18 Rev. 1, Guide for Developing Security Plans for Federal Information Systems (2006, February). Retrieved from NIST: http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-18r1.pdf