Authority to Operate (ATO) is a process that certifies a system to operate for a certain period of time by evaluating the risk of the system's security controls. ATO is based on the National Institute of Standards and Technology’s Risk Management Framework (NIST 800-37). In this podcast, Shane Ficorilli and Hasan Yasar, both with the Carnegie Mellon University Software Engineering Institute, discuss continuous ATO, including challenges, the role of DevSecOps, and cultural issues that organizations must address.
Cybersecurity Metrics: Protecting Data and Understanding Threats
3 Key Elements for Designing Secure Systems
Using Role-Playing Scenarios to Identify Bias in LLMs
Best Practices and Lessons Learned in Standing Up an AISIRT
3 API Security Risks (and How to Protect Against Them)
Evaluating Large Language Models for Cybersecurity Tasks: Challenges and Best Practices
Capability-based Planning for Early-Stage Software Development
Safeguarding Against Recent Vulnerabilities Related to Rust
Developing a Global Network of Computer Security Incident Response Teams (CSIRTs)
Automated Repair of Static Analysis Alerts
Cyber Career Pathways and Opportunities
My Story in Computing with Sam Procter
Developing and Using a Software Bill of Materials Framework
The Importance of Diversity in Cybersecurity: Carol Ware
The Importance of Diversity in Software Engineering: Suzanne Miller
The Importance of Diversity in Artificial Intelligence: Violet Turri
Using Large Language Models in the National Security Realm
Atypical Applications of Agile and DevSecOps Principles
When Agile and Earned Value Management Collide: 7 Considerations for Successful Interaction
The Impact of Architecture on Cyber-Physical Systems Safety