Abstract
The Federal government and the defense establishments have used the method of Certification and Accreditation with great success to assess and manage the cyber risk in their IT and system environments. This chapter discusses how the same method can be simplified and used very effectively in the non-government, civilian, and commercial space for the same purpose.
Copyright information
© 2021 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this chapter
Cite this chapter
Badhwar, R. (2021). Certification & Accreditation. In: The CISO’s Transformation. Springer, Cham. https://doi.org/10.1007/978-3-030-81412-0_22
DOI: https://doi.org/10.1007/978-3-030-81412-0_22
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-81411-3
Online ISBN: 978-3-030-81412-0
eBook Packages: Computer Science (R0)