Essay Sample on System Security Plan: An In-Depth Guide to Accreditation & Certification

A system security plan (SSP) is structured, comprehensive information security aimed at regulation and monitoring of the authorized processes and activities with the development cycle. It is a program outlining the systematic obligations to control the access and sharing of the information. System security plan safeguard structural authorization of officiated information of the activities (Bowen, Hash, & Wilson, 2006). Accreditation and certification are crucial to implementing the SSP. Certification and accreditation, therefore, help the evaluation and authorization of the SSP. Typically, the certification process ensures that there is comprehensive satisfaction of the measures and standards necessary for the security program to be initiated (McAlees, & Schumacher, 1975). It enables SSP to evaluate and mitigate the risks that are bound to happen upon its implementation. On the other hand, the accreditation process provides a formal affirmation that the certified security system benefits the concerned and is implemented into accordance with the statues and standards predetermined in the SSP. Usually, accreditation program confers and assert on the regulation authorized within a given activity development.

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Save 25%

In business structure and other economic activities, SSP plays an essential role in protecting consumers' data. The customers' information that to some extent portrays their consumption habits at times provides the financial positions they are in. Regarding that, it becomes vital and sensitive as it may lead to other issues such as theft and assassination with the aim to steal the wealth of that particular client spotted to be productive (Williams, 2001). Similarly, matters pertaining to health are confidential and therefore, SSP assist the health institutions in maintaining the patients' data confidential and secure for future use (Huston, 2001). SSP mitigate cost-effective evaluation and control of the standard norms and assessment to authorized activities.

In NIST SP 800-171, the plan is proposed by non-federal agencies, while the DoIT Maryland Gov. Plan, Government to control and regulate the assessment of the authorized activities (Lazar et al., 2010). It is an administrative plan to mitigate information security and control in the SANS organization to ensure that evaluation and risk assessment is analyses to establish proper authorization standards of its activities (Mehdizadeh, 2003). Information is the vital element that critically interlinked with communication agencies to ensure that data of employees and business is protected and regulated to meet the standards of the authorized plan. The NIST SP 800 project a tight schedule in implementation and assessment of the standards and data security that is up to wellbeing of the employees and those concerned. Due to that comparative advantage, I would, therefore, prefer its plan rather than others.

References

Bowen, P., Hash, J., & Wilson, M. (2006). Sp 800-100. Information security handbook: A guide for managers. Retrieved from https://dl.acm.org/doi/book/10.5555/2206189

Huston, T. (2001). Security issues for implementation of e-medical records. Communications of the ACM, 44(9), 89-94. https://doi.org/10.1145/383694.383712

Lazar, J., Beavan, P., Brown, J., Coffey, D., Nolf, B., Poole, R., & Wenger, B. (2010). Investigating the accessibility of state government web sites in Maryland. In Designing inclusive interactions (pp. 69-78). Springer, London.

Mehdizadeh, Y. (2003). SANS Institute. Retrieve from https://pdfs.semanticscholar.org/cb52/296be78395868eb205883d1d8a9a8b10080e.pdf

Williams, P. (2001). Information security governance. Information security technical report, 6(3), 60-70. https://doi.org/10.1016/S1363-4127 (01)00309-0

McAlees, D. C., & Schumacher, B. (1975). Toward new professionalism: Certification and accreditation. Rehabilitation Counseling Bulletin.