Cargando…
Security controls evaluation, testing, and assessment handbook /
Security Controls Evaluation, Testing, and Assessment Handbook provides a current and well-developed approach to evaluation and testing of security controls to prove they are functioning correctly in today's IT systems. This handbook shows you how to evaluate, examine, and test installed securi...
| Clasificación: | Libro Electrónico |
|---|---|
| Autor principal: | |
| Formato: | Electrónico eBook |
| Idioma: | Inglés |
| Publicado: |
Waltham, MA :
Syngress is an imprint of Elsevier,
[2015]
|
| Temas: | |
| Acceso en línea: | Texto completo |
Tabla de Contenidos:
- Cover; Title Page; Copyright Page; Dedication; Contents; Introduction; Section I; Chapter 1
- Introduction to Assessments; Chapter 2
- Risk, Security, and Assurance; Risk management; Risk assessments; Security controls; Chapter 3
- Statutory and Regulatory GRC; Statutory requirements; Privacy Act
- 1974; CFAA
- 1986; ECPA
- 1986; CSA
- 1987; CCA
- 1996; HIPAA
- 1996; EEA
- 1996; GISRA
- 1998; USA PATRIOT Act
- 2001; FISMA
- 2002; Sarbanes-Oxley
- 2002; Health Information Technology for Economic and Clinical Health Act
- 2009; Executive Orders/Presidential Directives.
- Federal processing standardsFIPS-140
- Security Requirements for Cryptographic Modules; FIPS-186
- Digital Signature Standard (DSS); FIPS-190
- Guideline for the Use of Advanced Authentication Technology Alternatives; FIPS-191
- Guideline for the Analysis Local Area Network Security; FIPS-199
- Standards for Security Categorization of Federal Information and Information Systems; FIPS-200
- Minimum Security Requirements for Federal Information and Information Systems; FIPS-201
- Personal Identity Verification of Federal Employees and Contractors; Regulatory requirements; DOD; CNSS; HHS.
- HIPAA Security RuleHIPAA Privacy Rule; HITECH Breach Reporting; OMB requirements for each agency; References; Chapter 4
- Federal RMF Requirements; Federal civilian agencies; DOD
- DIACAP
- RMF for DOD IT; IC
- ICD 503; FedRAMP; NIST Cybersecurity Framework; References; Chapter 5
- Risk Management Framework; Step 1
- categorization; Step 2
- selection; Step 3
- implementation; Step 4
- assessment; Step 5
- authorization; Step 6
- monitoring; Continuous Monitoring for Current Systems; Chapter 6
- Roles and Responsibilities; Organizational roles; White House; Congress; OMB; NIST; CNSS; NSA.
- NIAPDHS; DOD; Individual roles; System Owner; Authorizing Official; Information System Security Officer; Information System Security Engineer; Security Architect; Common Control Provider; Authorizing Official Designated Representative; Information Owner/Steward; Risk Executive (Function); User Representative; Agency Head; Security Control Assessor; Senior Information Security Officer; Chief Information Officer; DOD roles; Section II ; Introduction; Chapter
- 7
- Assessment Process; Focus; Guidance; SP 800-53A; RMF Step 4
- Assess Security Controls; SP 800-115; RMF Knowledge Service.
- ISO 27001/27002Chapter
- 8
- Assessment Methods; Evaluation methods and their attributes; Processes; Interviews; Examinations; Observations; Document Reviews; Testing; Automated; Manual; Chapter
- 9
- Assessment Techniques for Each Kind of Control; Security assessment plan developmental process; Security assessment actions; Security controls by family; Chapter
- 10
- System and Network Assessments; 800-115 introduction; Assessment techniques; Network testing purpose and scope; ACL Reviews; System-Defined Reviews; Testing roles and responsibilities; Security testing techniques.