Security controls evaluation, testing, and assessment handbook /

Mostrar otras versiones (3)

This handbook provides an approach to evaluation and testing of security controls to prove they are functioning correctly in today's IT systems. It shows you how to evaluate, examine, and test installed security controls in the world of threats and potential breach actions surrounding all indus...

Descripción completa

Detalles Bibliográficos
Clasificación:Libro Electrónico
Autor principal: Johnson, Leighton (Autor)
Formato: Electrónico eBook
Idioma:Inglés
Publicado: Waltham, MA : Syngress is an imprint of Elsevier, [2016]
Temas:
Computer security > Government policy > United States.
Information technology > Security measures > United States.
Electronic government information > Security measures > United States.
Risk management > Government policy > United States.
Information technology > United States > Management.
Sécurité informatique > Politique gouvernementale > États-Unis.
Technologie de l'information > États-Unis > Sécurité > Mesures.
Gestion du risque > Politique gouvernementale > États-Unis.
Technologie de l'information > États-Unis > Gestion.
Risk management > Government policy
Information technology > Security measures
Information technology > Management
Computer security > Government policy
Risk management
United States
Acceso en línea:Texto completo (Requiere registro previo con correo institucional)
Tabla de Contenidos:
  • Cover; Title Page; Copyright Page; Dedication; Contents; Introduction; Section I; Chapter 1
  • Introduction to Assessments; Chapter 2
  • Risk, Security, and Assurance; Risk management; Risk assessments; Security controls; Chapter 3
  • Statutory and Regulatory GRC; Statutory requirements; Privacy Act
  • 1974; CFAA
  • 1986; ECPA
  • 1986; CSA
  • 1987; CCA
  • 1996; HIPAA
  • 1996; EEA
  • 1996; GISRA
  • 1998; USA PATRIOT Act
  • 2001; FISMA
  • 2002; Sarbanes-Oxley
  • 2002; Health Information Technology for Economic and Clinical Health Act
  • 2009; Executive Orders/Presidential Directives.
  • HIPAA Security RuleHIPAA Privacy Rule; HITECH Breach Reporting; OMB requirements for each agency; References; Chapter 4
  • Federal RMF Requirements; Federal civilian agencies; DOD
  • DIACAP
  • RMF for DOD IT; IC
  • ICD 503; FedRAMP; NIST Cybersecurity Framework; References; Chapter 5
  • Risk Management Framework; Step 1
  • categorization; Step 2
  • selection; Step 3
  • implementation; Step 4
  • assessment; Step 5
  • authorization; Step 6
  • monitoring; Continuous Monitoring for Current Systems; Chapter 6
  • Roles and Responsibilities; Organizational roles; White House; Congress; OMB; NIST; CNSS; NSA.
  • NIAPDHS; DOD; Individual roles; System Owner; Authorizing Official; Information System Security Officer; Information System Security Engineer; Security Architect; Common Control Provider; Authorizing Official Designated Representative; Information Owner/Steward; Risk Executive (Function); User Representative; Agency Head; Security Control Assessor; Senior Information Security Officer; Chief Information Officer; DOD roles; Section II ; Introduction; Chapter
  • 7
  • Assessment Process; Focus; Guidance; SP 800-53A; RMF Step 4
  • Assess Security Controls; SP 800-115; RMF Knowledge Service.
  • ISO 27001/27002Chapter
  • 8
  • Assessment Methods; Evaluation methods and their attributes; Processes; Interviews; Examinations; Observations; Document Reviews; Testing; Automated; Manual; Chapter
  • 9
  • Assessment Techniques for Each Kind of Control; Security assessment plan developmental process; Security assessment actions; Security controls by family; Chapter
  • 10
  • System and Network Assessments; 800-115 introduction; Assessment techniques; Network testing purpose and scope; ACL Reviews; System-Defined Reviews; Testing roles and responsibilities; Security testing techniques.

Ejemplares similares