Description of Security Assessment & Authorization (SA&A) Course

The Security Assessment and Authorization course includes:

 

Day 1 – Presentation

What is Security Assessment & Authorization (SA&A)?

This will include strategies for addressing the security assessment of departmental assets. This is extremely important for senior management. This knowledge will save departments millions and get the job accomplished more quickly with fewer resources. It will mean less stress on resources.

What is the ITSG-33 Information System Security Implementation Process (ISSIP)?

And how does it mesh with Treasury Board’s Project Governance Framework (PGoF)?

What is Zoning?

Using the ITSG-22 and ITSG-38 zoning guidelines: how to zone your network to minimize exposure to the many threats that we face today.

Which Encryption to Use?

Encryption guidelines provided by the Communications Security Establishment (CSE). Which ones to use when communicating, processing, and storing data or information?

Threat and Risk Assessment (TRA) Process – Includes:

-How to perform a TRA in accordance with the Harmonized TRA Methodology?

-How to perform one TRA that addresses many applications?

ITSG-33 Summary – simplify the confusion:

-How to select a Security Control Profile for the department?

-How to select a Security Control Profile or Security Requirements Traceability Matrix (SRTM) for the Information System?

-How to perform a Statement of Assessment on the SRTM?

Privacy

-When to perform a Privacy Impact Assessment?

Day 2 and 3 – Completion of the SA&A templates:

-Security Assessment (SA) Plan

-Statement of Acceptable Risk (SOAR)

-Statement of Sensitivity (SOS)

-Security Control Profile (ITSG-33)

-Statement of Assessment for Security Controls (SASC)

-Security Requirements Traceability Matrix (SRTM)

-Privacy Impact Assessment (PIA)

-Threat & Risk Assessment (TRA)

-Safeguard Implementation Plan (SIP)

-Security Assessment (SA) Report

-Authorization Letter/Certificate