Security Controls Evaluation, Testing, and Assessment Handbook.

Mostrar otras versiones (3)
Detalles Bibliográficos
Clasificación:Libro Electrónico
Autor principal: Johnson, Leighton
Formato: Electrónico eBook
Idioma:Inglés
Publicado: San Diego : Elsevier Science & Technology, 2019.
Edición:Second edition.
Temas:
Computer security.
Computer Security
S�ecurit�e informatique.
Computer security
Acceso en línea:Texto completo
Tabla de Contenidos:
  • Front Cover; Security Controls Evaluation, Testing, and Assessment Handbook; Security Controls Evaluation, Testing, and Assessment Handbook; Copyright; Contents; Introduction; Introduction for second edition; Section I; 1
  • Introduction to assessments; 2
  • Risk, security, and assurance; Risk management; Risk assessments; Security controls; Privacy; 3
  • Statutory and regulatory GRC; Statutory requirements; Privacy Act-1974; CFAA-1986; ECPA-1986; CSA-1987; CCA-1996; HIPAA-1996; EEA-1996; GISRA-1998; USA PATRIOT ACT-2001; FISMA-2002; Sarbanes-Oxley (SOX)-2002
  • Health Information Technology Economic and Clinical Health Act (HITECH)-2009Federal Information Security Modernization Act (FISMA 2.0)-2014; The Cybersecurity Enhancement Act (CEA)-2014; The Cybersecurity Information Sharing Act (CISA)-2015; National Cybersecurity Protection Advancement Act (CPAA)-2015; Executive Orders/Presidential Directives; Federal processing standards; FIPS-140-Security requirements for cryptographic modules; FIPS-186-Digital Signature Standard (DSS); FIPS-197-Advanced Encryption Standard (AES)
  • FIPS-199-Standards for security categorization of federal information and information systemsFIPS-200-Minimum security requirements for federal information and information systems; FIPS-201-Personal Identity Verification (PIV) of federal employees and contractors; FIPS-202-SHA-3 standard: permutation-based hash and extendable-output functions; Regulatory requirements; DOD; DODI 8500.01-cybersecurity; DODI 8510.01-``Risk Management Framework (RMF) for DoD Information Technology (IT)''; CNSS; CNSSI 1253-Security Categorization and Control Selection for National Security Systems
  • CNSSI 1254-Risk management framework documentation, data element standards, and reciprocity process for national security s ... CNSSP 22-Policy on information assurance risk management for national security systems; HHS; HIPAA Security Rule; HIPAA Privacy Rule; HITECH breach reporting; OMB requirements for each agency; Circulars; A-130, T-5-managing information as a strategic resource-July 2016; A-130, T-4, Appendix III-published in 2000; Memoranda; M-02-01 Guidance for Preparing and Submitting Security Plans of Action and Milestones (Oct 2001)
  • M04-04E-Authentication guidance for federal agenciesM06-15 Safeguarding PII; M06-19 PII reporting; M07-16 Safeguarding against and responding to the breach of Personally Identifiable Information; M10-15 FY 2010 Reporting instructions for the Federal Information Security Management Act and Agency Privacy Management; M10-28 clarifying cybersecurity responsibilities and activities of the Executive Office of the President and the Department ... ; M14-03 and M14-04; 4
  • Federal Risk Management Framework requirements; Federal civilian agencies; DOD-DIACAP-RMF for DOD IT; IC-ICD 503; FedRAMP

Ejemplares similares