Security controls evaluation, testing, and assessment handbook /

Mostrar otras versiones (3)

This handbook provides an approach to evaluation and testing of security controls to prove they are functioning correctly in today's IT systems. It shows you how to evaluate, examine, and test installed security controls in the world of threats and potential breach actions surrounding all indus...

Descripción completa

Detalles Bibliográficos
Clasificación:Libro Electrónico
Autor principal: Johnson, Leighton (Autor)
Formato: Electrónico eBook
Idioma:Inglés
Publicado: Waltham, MA : Syngress is an imprint of Elsevier, [2016]
Temas:
Computer security > Government policy > United States.
Information technology > Security measures > United States.
Electronic government information > Security measures > United States.
Risk management > Government policy > United States.
Information technology > United States > Management.
Sécurité informatique > Politique gouvernementale > États-Unis.
Technologie de l'information > États-Unis > Sécurité > Mesures.
Gestion du risque > Politique gouvernementale > États-Unis.
Technologie de l'information > États-Unis > Gestion.
Risk management > Government policy
Information technology > Security measures
Information technology > Management
Computer security > Government policy
Risk management
United States
Acceso en línea:Texto completo (Requiere registro previo con correo institucional)

MARC

LEADER 00000cam a2200000 i 4500
001 OR_ocn935982823
003 OCoLC
005 20231017213018.0
006 m o d
007 cr cnu|||unuuu
008 151210s2016 mau ob 001 0 eng d
040 |a YDXCP  |b eng  |e rda  |e pn  |c YDXCP  |d OCLCO  |d YPM  |d OCLCO  |d B24X7  |d STF  |d COO  |d OCLCO  |d D6H  |d OCLCQ  |d LIV  |d UMI  |d TOH  |d OCLCA  |d CEF  |d KSU  |d CNCEN  |d AU@  |d WYU  |d LOA  |d OCLCQ  |d G3B  |d S8J  |d COCUF  |d CNNOR  |d VT2  |d VLB  |d OCLCF  |d OCL  |d BRF  |d OCLCO  |d OCLCQ  |d CJT  |d OCLCO 
019 |a 1010935461  |a 1135213804  |a 1192326951  |a 1228618862  |a 1240508987  |a 1373478357  |a 1397472725 
020 |a 9780128025642  |q (electronic book) 
020 |a 0128025646  |q (electronic book) 
020 |a 0128023244 
020 |a 9780128023242 
020 |z 9780128023242 
029 1 |a GBVCP  |b 1014933242 
035 |a (OCoLC)935982823  |z (OCoLC)1010935461  |z (OCoLC)1135213804  |z (OCoLC)1192326951  |z (OCoLC)1228618862  |z (OCoLC)1240508987  |z (OCoLC)1373478357  |z (OCoLC)1397472725 
037 |a CL0500000911  |b Safari Books Online 
043 |a n-us--- 
050 4 |a QA76.9.A25  |b J64 2016 
082 0 4 |a 005.8  |2 23 
049 |a UAMI 
100 1 |a Johnson, Leighton,  |e author. 
245 1 0 |a Security controls evaluation, testing, and assessment handbook /  |c Leighton Johnson. 
264 1 |a Waltham, MA :  |b Syngress is an imprint of Elsevier,  |c [2016] 
264 4 |c ©2016 
300 |a 1 online resource 
336 |a text  |b txt  |2 rdacontent 
337 |a computer  |b c  |2 rdamedia 
338 |a online resource  |b cr  |2 rdacarrier 
347 |a text file 
500 |a Includes index. 
588 0 |a Online resource; title from digital title page (viewed on January 25, 2016). 
520 |a This handbook provides an approach to evaluation and testing of security controls to prove they are functioning correctly in today's IT systems. It shows you how to evaluate, examine, and test installed security controls in the world of threats and potential breach actions surrounding all industries and systems. If a system is subject to external or internal threats and vulnerabilities--which most are--then this book will provide a useful handbook for how to evaluate the effectiveness of the security controls that are in place. It provides direction on how to use SP800-53A, SP800-115, DOD Knowledge Service, and the NIST Families assessment guides to implement thorough evaluation efforts for the security controls in your organization. --  |c Edited summary from book. 
504 |a Includes bibliographical references and index. 
505 0 |a Cover; Title Page; Copyright Page; Dedication; Contents; Introduction; Section I; Chapter 1 -- Introduction to Assessments; Chapter 2 -- Risk, Security, and Assurance; Risk management; Risk assessments; Security controls; Chapter 3 -- Statutory and Regulatory GRC; Statutory requirements; Privacy Act -- 1974; CFAA -- 1986; ECPA -- 1986; CSA -- 1987; CCA -- 1996; HIPAA -- 1996; EEA -- 1996; GISRA -- 1998; USA PATRIOT Act -- 2001; FISMA -- 2002; Sarbanes-Oxley -- 2002; Health Information Technology for Economic and Clinical Health Act -- 2009; Executive Orders/Presidential Directives. 
505 8 |a HIPAA Security RuleHIPAA Privacy Rule; HITECH Breach Reporting; OMB requirements for each agency; References; Chapter 4 -- Federal RMF Requirements; Federal civilian agencies; DOD -- DIACAP -- RMF for DOD IT; IC -- ICD 503; FedRAMP; NIST Cybersecurity Framework; References; Chapter 5 -- Risk Management Framework; Step 1 -- categorization; Step 2 -- selection; Step 3 -- implementation; Step 4 -- assessment; Step 5 -- authorization; Step 6 -- monitoring; Continuous Monitoring for Current Systems; Chapter 6 -- Roles and Responsibilities; Organizational roles; White House; Congress; OMB; NIST; CNSS; NSA. 
505 8 |a NIAPDHS; DOD; Individual roles; System Owner; Authorizing Official; Information System Security Officer; Information System Security Engineer; Security Architect; Common Control Provider; Authorizing Official Designated Representative; Information Owner/Steward; Risk Executive (Function); User Representative; Agency Head; Security Control Assessor; Senior Information Security Officer; Chief Information Officer; DOD roles; Section II ; Introduction; Chapter -- 7 -- Assessment Process; Focus; Guidance; SP 800-53A; RMF Step 4 -- Assess Security Controls; SP 800-115; RMF Knowledge Service. 
505 8 |a ISO 27001/27002Chapter -- 8 -- Assessment Methods; Evaluation methods and their attributes; Processes; Interviews; Examinations; Observations; Document Reviews; Testing; Automated; Manual; Chapter -- 9 -- Assessment Techniques for Each Kind of Control; Security assessment plan developmental process; Security assessment actions; Security controls by family; Chapter -- 10 -- System and Network Assessments; 800-115 introduction; Assessment techniques; Network testing purpose and scope; ACL Reviews; System-Defined Reviews; Testing roles and responsibilities; Security testing techniques. 
590 |a O'Reilly  |b O'Reilly Online Learning: Academic/Public Library Edition 
650 0 |a Computer security  |x Government policy  |z United States. 
650 0 |a Information technology  |x Security measures  |z United States. 
650 0 |a Electronic government information  |x Security measures  |z United States. 
650 0 |a Risk management  |x Government policy  |z United States. 
650 0 |a Information technology  |z United States  |x Management. 
650 6 |a Sécurité informatique  |x Politique gouvernementale  |z États-Unis. 
650 6 |a Technologie de l'information  |z États-Unis  |x Sécurité  |x Mesures. 
650 6 |a Gestion du risque  |x Politique gouvernementale  |z États-Unis. 
650 6 |a Technologie de l'information  |z États-Unis  |x Gestion. 
650 7 |a Risk management  |x Government policy  |2 fast 
650 7 |a Information technology  |x Security measures  |2 fast 
650 7 |a Information technology  |x Management  |2 fast 
650 7 |a Computer security  |x Government policy  |2 fast 
650 7 |a Risk management  |2 fast 
651 7 |a United States  |2 fast 
776 0 8 |i Print version:  |a Johnson, Leighton.  |t Security controls evaluation, testing and assessment handbook.  |d Amsterdam, Netherlands : Syngress, ©2016  |h ix, 667 pages  |z 9780128023242 
856 4 0 |u https://learning.oreilly.com/library/view/~/9780128025642/?ar  |z Texto completo (Requiere registro previo con correo institucional) 
936 |a BATCHLOAD 
938 |a Books 24x7  |b B247  |n bks00088818 
938 |a YBP Library Services  |b YANK  |n 12746960 
994 |a 92  |b IZTAP 

Ejemplares similares