Librería Portfolio Librería Portfolio

Búsqueda avanzada

TIENE EN SU CESTA DE LA COMPRA

0 productos

en total 0,00 €

SECURITY CONTROLS EVALUATION, TESTING, AND ASSESSMENT HANDBOOK
Título:
SECURITY CONTROLS EVALUATION, TESTING, AND ASSESSMENT HANDBOOK
Subtítulo:
Autor:
JOHNSON, L
Editorial:
ACADEMIC PRESS
Año de edición:
2016
ISBN:
978-0-12-802324-2
Páginas:
678
57,50 € -10,0% 51,75 €

 

Sinopsis

Key Features

Provides direction on how to use SP800-53A, SP800-115, DOD Knowledge Service, and the NIST Families assessment guides to implement thorough evaluation efforts for the security controls in your organization.
Learn how to implement proper evaluation, testing, and assessment procedures and methodologies with step-by-step walkthroughs of all key concepts.
Shows you how to implement assessment techniques for each type of control, provide evidence of assessment, and proper reporting techniques.
Description

Security Controls Evaluation, Testing, and Assessment Handbook provides a current and well-developed approach to evaluation and testing of security controls to prove they are functioning correctly in today´s IT systems. This handbook shows you how to evaluate, examine, and test installed security controls in the world of threats and potential breach actions surrounding all industries and systems. If a system is subject to external or internal threats and vulnerabilities - which most are - then this book will provide a useful handbook for how to evaluate the effectiveness of the security controls that are in place.
Security Controls Evaluation, Testing, and Assessment Handbook shows you what your security controls are doing and how they are standing up to various inside and outside threats. This handbook provides guidance and techniques for evaluating and testing various computer security controls in IT systems.
Author Leighton Johnson shows you how to take FISMA, NIST Guidance, and DOD actions and provide a detailed, hands-on guide to performing assessment events for information security professionals who work with US federal agencies. As of March 2014, all agencies are following the same guidelines under the NIST-based Risk Management Framework. This handbook uses the DOD Knowledge Service and the NIST Families assessment guides as the basis for needs assessment, requirements, and evaluation efforts for all of the security controls. Each of the controls can and should be evaluated in its own unique way, through testing, examination, and key personnel interviews. Each of these methods is discussed.
Readership

IT security professionals (security auditors and engineers, compliance specialists, etc.); IT professionals (network administrators, IT managers, security managers and analysts, directors of security, etc.)



Dedication
Introduction
Section I
Chapter 1: Introduction to Assessments
Abstract
Chapter 2: Risk, Security, and Assurance
Abstract
Risk management
Risk assessments
Security controls
Chapter 3: Statutory and Regulatory GRC
Abstract
Statutory requirements
Executive Orders/Presidential Directives
Federal processing standards
Regulatory requirements
OMB requirements for each agency
Chapter 4: Federal RMF Requirements
Abstract
Federal civilian agencies
DOD - DIACAP - RMF for DOD IT
IC - ICD 503
FedRAMP
NIST Cybersecurity Framework
Chapter 5: Risk Management Framework
Abstract
Step 1 - categorization
Step 2 - selection
Step 3 - implementation
Step 4 - assessment
Step 5 - authorization
Step 6 - monitoring
Chapter 6: Roles and Responsibilities
Abstract
Organizational roles
Individual roles
DOD roles
Section II
Introduction
What is an assessment?
Experiences and the process
Chapter 7: Assessment Process
Abstract
Focus
Guidance
Chapter 8: Assessment Methods
Abstract
Evaluation methods and their attributes
Processes
Chapter 9: Assessment Techniques for Each Kind of Control
Abstract
Security assessment plan developmental process
Security assessment actions
Security controls by family
Chapter 10: System and Network Assessments
Abstract
800-115 introduction
Assessment techniques
Network testing purpose and scope
Testing roles and responsibilities
Security testing techniques
Four phases of penetration testing
Post-test actions to be taken
General schedule for testing categories
Chapter 11: Security Component Fundamentals for Assessment
Abstract
Management areas of consideration
Management controls
Information security resources
Measures of performance (SP 800-55)
Measures of performance
Federal enterprise architecture
System and services acquisition (SA)
Security services life cycle
Information security and external parties
CA - security assessment and authorization
PL - planning family and family plans
RA - risk assessment family
Critical success factors to information security management
Operational areas of consideration
Operational security controls key concepts
Physical security
Personnel security
System integrity
Technical areas of consideration
Access control
Identification and authentication
Log-on IDs and passwords
Systems and communications protection
Wireless networking
Firewalls
Audit and accounting
Chapter 12: Evidence of Assessment
Abstract
Types of evidence
Documentation requirements
Chapter 13: Reporting
Abstract
Key elements for assessment reporting
The assessment findings
Security Assessment Report
Executive summary
Risk Assessment Report
Artifacts as reports
Privacy impact assessment report
Remediation efforts during and subsequent to assessment
POAMs
Chapter 14: Conclusion
Abstract
Appendix A: Acronym List
Appendix B: FedRAMP Assessment Process and Templates
Appendix C: Templates for Testing and Evaluation Reports
Subject Index