Training for Application Owners

An application owner is the individual or group responsible for ensuring that the program or programs that make up the application accomplish the specified objective or set of user requirements established for that application, including appropriate security safeguards.

This training session serves a diverse group of individuals and organizations in both the public and private sectors including, but not limited to, individuals with:

  • System development life cycle responsibilities (e.g., program managers, mission/business owners, information owners/stewards, system designers and developers, system/security engineers, systems integrators);
  • Acquisition or procurement responsibilities (e.g., contracting officers);
  • System, security, or risk management and oversight responsibilities (e.g., authorizing officials, chief information officers, chief information security officers, system owners, information security managers); and
  • Security assessment and monitoring responsibilities (e.g., auditors, system evaluators, assessors, independent verifiers/validators, analysts).

Topics:

1 ACCESS CONTROL

2 AWARENESS AND TRAINING

3 AUDIT AND ACCOUNTABILITY

4 CONFIGURATION MANAGEMENT

5 IDENTIFICATION AND AUTHENTICATION

6 INCIDENT RESPONSE

7 MAINTENANCE

8 MEDIA PROTECTION

9 PERSONNEL SECURITY

10 PHYSICAL PROTECTION

11 RISK ASSESSMENT

12 SECURITY ASSESSMENT

13 SYSTEM AND COMMUNICATIONS PROTECTION

14 SYSTEM AND INFORMATION INTEGRITY

The above roles and responsibilities can be viewed from two distinct perspectives: the Government perspective as the entity establishing and conveying the security requirements in contractual vehicles or other types of inter-organizational agreements; and the nongovernment perspective as the entity responding to and complying with the security requirements set forth in contracts or agreements.