IT Management, Research Paper Example
Words: 782 | Research Paper
Do you believe the seven categories of issues evaluated and the value schemes assigned are practical? Would you change the set in any way for the course scenario and computer system?
The seven categories of issues evaluated are practical in many respects. The security process analysis, which incorporates an overview of the risk management practices, is instrumental in risk and mitigation identification. The security process is an essential aspect of overall risk management. The first phase, which articulates issues related to the SSAA, is also practical. The verification phase, identified as the second phase, is practical since it involves certification analysis activities.
The validation phase is another issue raised in the document and describes the different roles and responsibilities that need to be addressed. Post-accreditation activities reflect a series of issues that are mitigated at different levels after the accreditation process is initiated. It is pertinent to note that the certification tasks suggested are a central part of the course. Security activities are an indispensable aspect that is commonly included in the program strategies. The strategy development process involves the practical application of knowledge to attain specified goals.
If you review the certification level evaluation table C3.T10, that assigns levels to the numeric scores derived from the computation process, the numeric values computed result in an overlap in the levels. If the numeric values computed overlap across levels, how do you decide whether to go with the lower level or the higher level?
The decision process will be based on the program manager's decision, with the allocation following different characteristics. These include the interfacing mode and processing mode. On the other hand, an attribution mode will be instrumental in giving the basic alternative for the characteristics. Mission reliance is another aspect that should be considered. Moreover, the availability level and integrity help in deciding whether to go for the lower or higher level.
Review the list of appendices to the SSAA Outline and Detailed Description in Appendix 1. Compare these documents with the list of documents required for the B-3 Division/Class in the Orange Book.
The SSAA outline provides comprehensive coverage of the contractual agreement that binds all the stakeholders in the program. The first section covers the basic mission description as well as the functional description. The functional description is a detailed account of issues such as the life cycle of systems, capabilities, and clearance levels. An environmental description section is included to capture administrative and physical considerations. The description of the facility offers insight into the operating circumstances and maintenance procedures. It is pertinent to note that issues of software development as well as threat description are captured in this section. This is unlike the documents required in the B-3 division.
A description of the system architecture is also captured, with detailed coverage of system interfaces and the data flow. Moreover, the use of internal connections to manipulate external connections is covered. The outline introduces and describes various system security issues and requirements. These include the national security requirements as well as data security requirements.
What are the differences between these two sets of documents?
These two sets of documents differ in their structure and in part of their content. The B-3 section of the Orange Book is more detailed than the SSAA Outline and Detailed Description, with issues touching on security domains being critically reviewed.
Are there any documents referenced for development in the B-3 section in the Orange Book that are not listed in the DITSCAP? If so, what are they?
The documents referenced in the B-3 section of the Orange Book that are not listed within DITSCAP include the zero flaws on design, TCB models, as well as security auditing documents.
Why aren’t they included in the DITSCAP?
They are not necessary in the DITSCAP since it is a basic contractual agreement between different participants of the program. Moreover, the contents of the DITSCAP are very different from those of the Orange Book.
Which ones would or would not be applicable for the course scenario computer system?
The organizations and resources section is instrumental in supporting the scenario computer system. The descriptions and responsibilities of the different organizations offer insight into the application of different systems in the course. Training resources such as the tasks and milestones, the security environment, approved past solutions, and the roles and responsibilities are necessary for the course. However, inclusion of accreditation boundary documents is not necessary for the course scenario computer system.