Authority to Operate (ATO) is a process that certifies a system to operate for a certain period of time by evaluating the risk of the system's security controls. ATO is based on the National Institute of Standards and Technology’s Risk Management Framework (NIST 800-37). In this podcast, Shane Ficorilli and Hasan Yasar, both with the Carnegie Mellon University Software Engineering Institute, discuss continuous ATO, including challenges, the role of DevSecOps, and cultural issues that organizations must address.
Resiliency Engineering: Integrating Security, IT Operations, and Business Continuity
The Human Side of Security Trade-Offs
Dual Perspectives: A CIO's and CISO's Take on Security
Tackling Security at the National Level: A Resource for Leaders
Reducing Security Costs with Standard Configurations: U.S. Government Initiatives
Real-World Security for Business Leaders
Using Standards to Build an Information Security Program
Getting Real About Security Governance
Convergence: Integrating Physical and IT Security
IT Infrastructure: Tips for Navigating Tough Spots
The Value of De-Identified Personal Data
Adapting to Changing Risk Environments: Operational Resilience
Computer Forensics for Business Leaders: A Primer
The Real Secrets of Incident Management
The Legal Side of Global Security
A New Look at the Business of IT Education
Crisis Communications During a Security Incident
Assuring Mission Success in Complex Environments
Privacy: The Slow Tipping Point
Building Staff Competence in Security