Using the Computer Security Expert Assist Team (CSEAT) Methodology to Improve IT Security
K L. Lyons-Burke
CSEAT provides an independent review of an organization¿s IT security program. The CSEAT review is not an audit or an inspection. The CSEAT review is an assessment of the state of the organization¿s IT security maturity and the IT security policies, procedures, and security controls implementation and integration across all business areas. The CSEAT review provides a consistent and comparable approach to IT security through consistent application of security control objectives and IT security effectiveness criteria. CSEAT performs a comparable review of the organization¿s structure, culture, and business mission. CSEAT utilizes extensive criteria containing specific control objectives against which an unclassified system or group of interconnected systems can be tested and measured. CSEAT has developed and maintains a computerized toolset to support the reviews. NIST¿s CSEAT does not establish new security requirements. The CSEAT security control objectives are abstracted directly from long-standing requirements found in federal government regulations, statutes, policies, and guidance on IT security. NIST IT security statutory responsibilities include: developing technical, management, physical, and administrative cost effective standards and guidance for IT security of Federal computer systems; and developing validation procedures for evaluating the effectiveness of standards and guidelines. The CSEAT review is based upon five stages of maturity: policy, procedures, implementation, test, and integration. Following the review, a prioritized action plan that can be implemented to improve agency or program IT security is provided to the organization.
Thirty-Sixth Hawaii International Conference on System Sciences (HICSS-36)
Computer security, IT security, maturity level, review, security control objectives
Using the Computer Security Expert Assist Team (CSEAT) Methodology to Improve IT Security, Thirty-Sixth Hawaii International Conference on System Sciences (HICSS-36)
(Accessed June 10, 2023)