IATRP

INFOSEC Assurance Training and Rating Program

We realize that many students have not had their name added to the IATRP certified list, or information updated. We apologize for the delays and any inconvenience. The website is in the process of being reworked without any change to what you should see. Please contact iatrp@iatrp.com if you feel your information is not correct or needs updating. Thank you for your patience and we apologize for any inconvenience.

INFOSEC Info
INFOSEC Assurance

IAM Info
IAM Certified People
IAM Certification Classes
IAM Modules

IEM Info
IEM Certified People
IEM Certification Classes
IEM Modules

IA-CMM Info
Awards & Ceremonies
Rated Organizations
Manual - Version 3.1

Other Links
IA Regulations Comments

Tools
Functional Flow
Site Map

What's New
- New Look & Feel
- IAM version 3.1
- New Program Number: 410-854-8959

INFOSEC Assessment Methodology (IAM)

The IAM consists of a standard set of activities required to perform an INFOSEC assessment. In other words, the methodology explains the depth and breadth of the assessment activities that must be performed to be acceptable within the IATRP. The IAM "sets the bar" for what needs to be done for an activity to be considered a complete INFOSEC Assessment. Providers who advertise an INFOSEC assessment capability and consumers seeking assistance in performing INFOSEC Assessments should use the IAM as the baseline for their discussions. Because the IAM is a baseline, providers can expand upon it to further meet the needs of the customers. However, any "expansion" must not reduce or interfere with the original intent of any IAM activity.

The IAM baseline activities include:

On-site customer coordination

Information criticality analysis

Identifying customer concerns

Documented INFOSEC Assessment Plan

Documented final report of findings and recommendations

On-site information gathering of the IAM minimal information categories

Interviews

Documentation review

System demonstrations