Cargando…
Security controls evaluation, testing, and assessment handbook /
Security Controls Evaluation, Testing, and Assessment Handbook provides a current and well-developed approach to evaluation and testing of security controls to prove they are functioning correctly in today's IT systems. This handbook shows you how to evaluate, examine, and test installed securi...
| Clasificación: | Libro Electrónico |
|---|---|
| Autor principal: | |
| Formato: | Electrónico eBook |
| Idioma: | Inglés |
| Publicado: |
Waltham, MA :
Syngress is an imprint of Elsevier,
[2015]
|
| Temas: | |
| Acceso en línea: | Texto completo |
MARC
| LEADER | 00000cam a2200000 i 4500 | ||
|---|---|---|---|
| 001 | SCIDIR_ocn932016626 | ||
| 003 | OCoLC | ||
| 005 | 20231120112041.0 | ||
| 006 | m o d | ||
| 007 | cr cnu|||unuuu | ||
| 008 | 151210t20152016mau ob 001 0 eng d | ||
| 040 | |a N$T |b eng |e rda |e pn |c N$T |d YDXCP |d OPELS |d N$T |d OCLCF |d CDX |d EBLCP |d IDEBK |d MERUC |d DEBSZ |d IDB |d OCLCQ |d WRM |d U3W |d D6H |d OCLCQ |d CUY |d ZCU |d ICG |d DKC |d OCLCQ |d LQU |d CNCEN |d DCT |d UKMGB |d OCLCQ |d MM9 |d OCLCO |d OCLCQ |d OCLCO | ||
| 015 | |a GBB519034 |2 bnb | ||
| 016 | 7 | |a 017050430 |2 Uk | |
| 019 | |a 932049488 |a 935249504 |a 1105179580 |a 1105559928 |a 1125071250 | ||
| 020 | |a 9780128025642 |q (electronic bk.) | ||
| 020 | |a 0128025646 |q (electronic bk.) | ||
| 020 | |z 9780128023242 | ||
| 020 | |z 0128023244 | ||
| 035 | |a (OCoLC)932016626 |z (OCoLC)932049488 |z (OCoLC)935249504 |z (OCoLC)1105179580 |z (OCoLC)1105559928 |z (OCoLC)1125071250 | ||
| 050 | 4 | |a HD61 | |
| 072 | 7 | |a BUS |x 082000 |2 bisacsh | |
| 072 | 7 | |a BUS |x 041000 |2 bisacsh | |
| 072 | 7 | |a BUS |x 042000 |2 bisacsh | |
| 072 | 7 | |a BUS |x 085000 |2 bisacsh | |
| 082 | 0 | 4 | |a 658.15/5 |2 23 |
| 100 | 1 | |a Johnson, Leighton, |e author. | |
| 245 | 1 | 0 | |a Security controls evaluation, testing, and assessment handbook / |c Leighton Johnson. |
| 264 | 1 | |a Waltham, MA : |b Syngress is an imprint of Elsevier, |c [2015] | |
| 300 | |a 1 online resource | ||
| 336 | |a text |b txt |2 rdacontent | ||
| 337 | |a computer |b c |2 rdamedia | ||
| 338 | |a online resource |b cr |2 rdacarrier | ||
| 500 | |a Includes index. | ||
| 588 | 0 | |a Online resource; title from PDF title page (ScienceDirect, viewed December 16, 2015). | |
| 505 | 0 | |a Cover; Title Page; Copyright Page; Dedication; Contents; Introduction; Section I; Chapter 1 -- Introduction to Assessments; Chapter 2 -- Risk, Security, and Assurance; Risk management; Risk assessments; Security controls; Chapter 3 -- Statutory and Regulatory GRC; Statutory requirements; Privacy Act -- 1974; CFAA -- 1986; ECPA -- 1986; CSA -- 1987; CCA -- 1996; HIPAA -- 1996; EEA -- 1996; GISRA -- 1998; USA PATRIOT Act -- 2001; FISMA -- 2002; Sarbanes-Oxley -- 2002; Health Information Technology for Economic and Clinical Health Act -- 2009; Executive Orders/Presidential Directives. | |
| 505 | 8 | |a Federal processing standardsFIPS-140 -- Security Requirements for Cryptographic Modules; FIPS-186 -- Digital Signature Standard (DSS); FIPS-190 -- Guideline for the Use of Advanced Authentication Technology Alternatives; FIPS-191 -- Guideline for the Analysis Local Area Network Security; FIPS-199 -- Standards for Security Categorization of Federal Information and Information Systems; FIPS-200 -- Minimum Security Requirements for Federal Information and Information Systems; FIPS-201 -- Personal Identity Verification of Federal Employees and Contractors; Regulatory requirements; DOD; CNSS; HHS. | |
| 505 | 8 | |a HIPAA Security RuleHIPAA Privacy Rule; HITECH Breach Reporting; OMB requirements for each agency; References; Chapter 4 -- Federal RMF Requirements; Federal civilian agencies; DOD -- DIACAP -- RMF for DOD IT; IC -- ICD 503; FedRAMP; NIST Cybersecurity Framework; References; Chapter 5 -- Risk Management Framework; Step 1 -- categorization; Step 2 -- selection; Step 3 -- implementation; Step 4 -- assessment; Step 5 -- authorization; Step 6 -- monitoring; Continuous Monitoring for Current Systems; Chapter 6 -- Roles and Responsibilities; Organizational roles; White House; Congress; OMB; NIST; CNSS; NSA. | |
| 505 | 8 | |a NIAPDHS; DOD; Individual roles; System Owner; Authorizing Official; Information System Security Officer; Information System Security Engineer; Security Architect; Common Control Provider; Authorizing Official Designated Representative; Information Owner/Steward; Risk Executive (Function); User Representative; Agency Head; Security Control Assessor; Senior Information Security Officer; Chief Information Officer; DOD roles; Section II ; Introduction; Chapter -- 7 -- Assessment Process; Focus; Guidance; SP 800-53A; RMF Step 4 -- Assess Security Controls; SP 800-115; RMF Knowledge Service. | |
| 505 | 8 | |a ISO 27001/27002Chapter -- 8 -- Assessment Methods; Evaluation methods and their attributes; Processes; Interviews; Examinations; Observations; Document Reviews; Testing; Automated; Manual; Chapter -- 9 -- Assessment Techniques for Each Kind of Control; Security assessment plan developmental process; Security assessment actions; Security controls by family; Chapter -- 10 -- System and Network Assessments; 800-115 introduction; Assessment techniques; Network testing purpose and scope; ACL Reviews; System-Defined Reviews; Testing roles and responsibilities; Security testing techniques. | |
| 504 | |a Includes bibliographical references and index. | ||
| 520 | |a Security Controls Evaluation, Testing, and Assessment Handbook provides a current and well-developed approach to evaluation and testing of security controls to prove they are functioning correctly in today's IT systems. This handbook shows you how to evaluate, examine, and test installed security controls in the world of threats and potential breach actions surrounding all industries and systems. If a system is subject to external or internal threats and vulnerabilities - which most are - then this book will provide a useful handbook for how to evaluate the effectiveness of the security controls that are in place. Security Controls Evaluation, Testing, and Assessment Handbook shows you what your security controls are doing and how they are standing up to various inside and outside threats. This handbook provides guidance and techniques for evaluating and testing various computer security controls in IT systems. Author Leighton Johnson shows you how to take FISMA, NIST Guidance, and DOD actions and provide a detailed, hands-on guide to performing assessment events for information security professionals who work with US federal agencies. As of March 2014, all agencies are following the same guidelines under the NIST-based Risk Management Framework. This handbook uses the DOD Knowledge Service and the NIST Families assessment guides as the basis for needs assessment, requirements, and evaluation efforts for all of the security controls. Each of the controls can and should be evaluated in its own unique way, through testing, examination, and key personnel interviews. Each of these methods is discussed. Provides direction on how to use SP800-53A, SP800-115, DOD Knowledge Service, and the NIST Families assessment guides to implement thorough evaluation efforts for the security controls in your organization. Learn how to implement proper evaluation, testing, and assessment procedures and methodologies with step-by-step walkthroughs of all key concepts. Shows you how to implement assessment techniques for each type of control, provide evidence of assessment, and proper reporting techniques. | ||
| 650 | 0 | |a Risk management. | |
| 650 | 2 | |a Risk Management |0 (DNLM)D012308 | |
| 650 | 6 | |a Gestion du risque. |0 (CaQQLa)201-0055861 | |
| 650 | 7 | |a risk management. |2 aat |0 (CStmoGRI)aat300179502 | |
| 650 | 7 | |a BUSINESS & ECONOMICS |x Industrial Management. |2 bisacsh | |
| 650 | 7 | |a BUSINESS & ECONOMICS |x Management. |2 bisacsh | |
| 650 | 7 | |a BUSINESS & ECONOMICS |x Management Science. |2 bisacsh | |
| 650 | 7 | |a BUSINESS & ECONOMICS |x Organizational Behavior. |2 bisacsh | |
| 650 | 7 | |a Risk management |2 fast |0 (OCoLC)fst01098164 | |
| 776 | 0 | 8 | |i Print version: |a Johnson, Leighton. |t Security Controls Evaluation, Testing, and Assessment Handbook. |d Saint Louis, MO : Elsevier Science, �2015 |z 9780128023242 |
| 856 | 4 | 0 | |u https://sciencedirect.uam.elogim.com/science/book/9780128023242 |z Texto completo |