Authority to Operate (ATO) is a process that certifies a system to operate for a certain period of time by evaluating the risk of the system's security controls. ATO is based on the National Institute of Standards and Technology’s Risk Management Framework (NIST 800-37). In this podcast, Shane Ficorilli and Hasan Yasar, both with the Carnegie Mellon University Software Engineering Institute, discuss continuous ATO, including challenges, the role of DevSecOps, and cultural issues that organizations must address.
Securing Industrial Control Systems
The Power of Fuzz Testing to Reduce Security Vulnerabilities
Protect Your Business from Money Mules
Train for the Unexpected
The Role of the CISO in Developing More Secure Software
Computer and Network Forensics: A Master's Level Curriculum
Introducing the Smart Grid Maturity Model (SGMM)
Leveraging Security Policies and Procedures for Electronic Evidence Discovery
Integrating Privacy Practices into the Software Development Life Cycle
Using the Facts to Protect Enterprise Networks: CERT's NetSA Team
Ensuring Continuity of Operations When Business Is Disrupted
Managing Relationships with Business Partners to Achieve Operational Resiliency
The Smart Grid: Managing Electrical Power Distribution and Use
Electronic Health Records: Challenges for Patient Privacy and Security
Mitigating Insider Threat: New and Improved Practices
Rethinking Risk Management
The Upside and Downside of Security in the Cloud
More Targeted, Sophisticated Attacks: Where to Pay Attention
Is There Value in Identifying Software Security "Never Events?"
Cyber Security, Safety, and Ethics for the Net Generation