Certified Authorization Professional (CAP) exam 2023

System Authorization Risk management process that helps in assessing risk associated with a system and takes steps to mitigate the vulnerabilities to reduce risk to an acceptable level. System authorization was formerly known as Certification and Accreditation used to ensure that security controls are established for an information system. Risk Management A process of identifying, controlling, and extenuating IT system related risk. It includes risk assessment, analysis of cost benefit, selection, implementation, test and measurement of security controls. Certification and Accreditation The process of implementing information security. It is a systematic procedure for evaluating, describing, testing, and authorizing systems prior to or after a system is in operation. C&A is extensively used in the Federal Government. Four New Process Models - Frame - Assess - Respond - Monitor What are the 6 RMF Steps Step 1 - Categorize Step 2 - Select Step 3 - Implement Step 4 - Assess Step 5 - Authorize Step 6 - Monitor Benefits of system authorization System authorization provides benefits to organizations, some of which are as follows: •It helps in maintaining the visibility of the information technology security program by drawing attention to it at multiple organization levels. •It allows management to prove that it is doing the right thing in protecting its assets, and providing a process for meeting requirements and managing risk. •It provides a means for integrating security across all of its computer systems, allowing consistency in the implementation of security controls. •It ensures that minimum security control requirements are met. •It saves effort and resources by consolidating individual processes into an integrated program.