Such exchanges are becoming more important as information technologies change rapidly and it will be more difficult for a single nation to tackle all security issues within an appropriate time frame. Finally, we recommend that nations and organisations increase their efforts to share information on security measures and vulnerabilities.
#ZOTZ STRAIN VERIFICATION#
The sixth is to use automated validation and verification tools to make re-accreditation more efficient.
The fifth is to establish an efficient and effective accreditation continuity strategy to manage the challenges of maintaining the security of systems that are updated more frequently than before.
The fourth recommendation is to define the role of the client in the security accreditation process to make expectations from the SAA clear. Third, we recommend that nations and organisations work to secure a sufficient number of competent accreditors and look into the possibility of outsourcing part of the workload. The next is to require that vendors clearly specify the systems they deliver in a standardized manner. One option is to define specific requirements for different types of systems rather than just applying generic security principles. The first is to define security requirements more clearly. Finally, complex and sometimes unclear or poorly understood requirements also hamper the ability to efficiently achieve compliance.īased on the analysis, we make some policy recommendations that will address some of the challenges. A lack of awareness and focus on security from the clients will impede the security accreditation process. The clients are the operational authorities or business owners who wish to have their systems accredited.
The rapidly changing technology puts additional strain on the SAAs in keeping knowledge and requirements current and also increases the rate of new and changed systems in need of accreditation. Job market competition with private industry is raised as a particular concern. Both a lack of funding and competent personnel affects the SAA’s ability to manage the workload. The causes of the issues reported by SAAs (security accreditation authorities) can be said to fall into five broad categories: funding, competence, changing technology, clients and requirements. Costs and resource requirements and a lack of staff are also seen as challenges. These times are clearly too long in many cases, especially if they apply to re-accreditation in an agile development environment. The times reported for accrediting a national security system vary from just under one month to 18 months. The issues raised were varied, with the most commonly noted one being that the process is too time-consuming. This research shows that nations and international organisations experience similar challenges with their security accreditation processes even though there are differences in the organisation and performance of accreditation activities. This paper reports the findings from a survey of CCDCOE member nations, NATO and EU organisations to investigate possible shortcomings of current security accreditation practices for national security systems. Security accreditation is an important part of the measures taken by states and international organisations to ensure adequate cyber security in national security systems.
0 kommentar(er)
