Decisions, Decisions and the Role of Authorization
Technology and cybersecurity cannot be thought of as the responsibility of a siloed IT department – they are the lifeblood of the organization. In day-to-day operations, as well as during moments of crisis, a company’s different functional areas must be able to collaborate and must know whom to turn to for leadership.
System authorization has been employed in government for over 20 years, and it is becoming recognized outside government for the promise it holds as a practical approach for identifying and documenting business requirements for security, for ensuring that cost-effective controls are functioning appropriately, and for ensuring that weaknesses in protective controls are managed effectively.
Based on NIST standards, system authorization formalizes the decision-making process, placing clear directives and accountability up front where they can be communicated and clearly documented. It becomes the responsibility of the Certified Authorization Professional (CAP) to take on this role, or to assign it under the title of Authorizing Official (AO) to an appropriately qualified individual.