Chapter 11 – Security assessment and authorization: Governance, preparation, and execution

This chapter focuses on the governance, preparation, and execution of the assessment and authorization processes. An introduction to the security assessment process provides a basic understanding of security assessments as they relate to the integration of security testing within the system development life cycle and in support of information system authorization. The roles and responsibilities of the security assessment customer and provider are discussed across the various aspects of security assessment activities, including governance, preparation, and execution.