I think it's a lost cause.
There's a mountain of paperwork on writing in clear language out there, e.g. [link|http://www.dot.gov/ost/ogc/plain.htm|DOT]. But people who write the rule book don't seem to care.

As a rough translation, I'd offer:

Application Information Security Assurance (ISA)

This service's mission is to identify the sensitivity and importance of an information resource and the corresponding security requirements in the Business Impact Assessment; design information security protection mechanisms, controls, and processes that will satisfy the requirements; ensure the appropriate protection mechanisms, controls, and processes are implemented and tested; manage the residual risk; and produce a certification (the technical analysis that establishes the extent to which an application meets specified security requirements), accreditation (the management analysis that determines, from a business standpoint, whether implemented security controls satisfy specified security requirements to a level that provides an acceptable level of risk); and approval to deploy the information resource.


But even that is a mish-mash. It's not clear whether ISA is a group of people that does something, or a software process or what.

Is it a paper document or on-line? If it's on-line, I'd suggest hyperlinking definitions of the various jargon (BIA, etc.). If it's not on-line, I'd use footnotes to define certification, accreditation, etc.

But I'm not an editor, so take my comments with a bunch of salt. :-)

Good luck! I think you'll need it. Unfortunately. :-/

Cheers,
Scott.
It's a paper process
To determine:
Sensitivity (of data) and Criticality (importance to running of business) of the application.
Determine security requirements that must be implemented.
Upon implementation of the security requirement, the Security Officer will then issue a security certification.
After the security certification, management will then accredit the system.
And then the new/updated system can be deployed.
A good friend will come and bail you out of jail ... but, a true friend will be sitting next to you saying, "Damn...that was fun!"
There, use that
It says the same thing (I think) and it's in plain English.
===

Purveyor of Doc Hope's [link|http://DocHope.com|fresh-baked dog biscuits and pet treats].
[link|http://DocHope.com|http://DocHope.com]
     I'm doing a peer review - (jbrabeck) - (6)
         I think it's a lost cause. - (Another Scott) - (2)
             It's a paper process - (jbrabeck) - (1)
                 There, use that - (drewk)
         Re: I'm doing a peer review - (pwhysall) - (1)
             'twas posted as an example of what I'm up against. - (jbrabeck)
         Culminating in three things - (Arkadiy)
