Naperville Public Library
Library Hours
Monday to Friday: 9 a.m. to 9 p.m.
Saturday: 9 a.m. to 5 p.m.
Sunday: 1 p.m. to 9 p.m.
Naper Blvd. 1 p.m. to 5 p.m.
Home Best Sellers Research a Topic Download & Stream Material Request My Account
     
Limit search to available items
Results Page:  Previous Next
Author Johnson, Leighton, author.

Title Security controls evaluation, testing, and assessment handbook / Leighton Johnson. [O'Reilly electronic resource]

Publication Info. Waltham, MA : Syngress is an imprint of Elsevier, [2016]
©2016
To Access:
Available on O'Reilly for Public Libraries
Bookmark link: https://library.naperville-lib.org:444/record=b3173098~S1
QR Code
Description 1 online resource
text file
Note Includes index.
Summary This handbook provides an approach to evaluation and testing of security controls to prove they are functioning correctly in today's IT systems. It shows you how to evaluate, examine, and test installed security controls in the world of threats and potential breach actions surrounding all industries and systems. If a system is subject to external or internal threats and vulnerabilities--which most are--then this book will provide a useful handbook for how to evaluate the effectiveness of the security controls that are in place. It provides direction on how to use SP800-53A, SP800-115, DOD Knowledge Service, and the NIST Families assessment guides to implement thorough evaluation efforts for the security controls in your organization. -- Edited summary from book.
Bibliography Includes bibliographical references and index.
Contents Cover; Title Page; Copyright Page; Dedication; Contents; Introduction; Section I; Chapter 1 -- Introduction to Assessments; Chapter 2 -- Risk, Security, and Assurance; Risk management; Risk assessments; Security controls; Chapter 3 -- Statutory and Regulatory GRC; Statutory requirements; Privacy Act -- 1974; CFAA -- 1986; ECPA -- 1986; CSA -- 1987; CCA -- 1996; HIPAA -- 1996; EEA -- 1996; GISRA -- 1998; USA PATRIOT Act -- 2001; FISMA -- 2002; Sarbanes-Oxley -- 2002; Health Information Technology for Economic and Clinical Health Act -- 2009; Executive Orders/Presidential Directives.
HIPAA Security RuleHIPAA Privacy Rule; HITECH Breach Reporting; OMB requirements for each agency; References; Chapter 4 -- Federal RMF Requirements; Federal civilian agencies; DOD -- DIACAP -- RMF for DOD IT; IC -- ICD 503; FedRAMP; NIST Cybersecurity Framework; References; Chapter 5 -- Risk Management Framework; Step 1 -- categorization; Step 2 -- selection; Step 3 -- implementation; Step 4 -- assessment; Step 5 -- authorization; Step 6 -- monitoring; Continuous Monitoring for Current Systems; Chapter 6 -- Roles and Responsibilities; Organizational roles; White House; Congress; OMB; NIST; CNSS; NSA.
NIAPDHS; DOD; Individual roles; System Owner; Authorizing Official; Information System Security Officer; Information System Security Engineer; Security Architect; Common Control Provider; Authorizing Official Designated Representative; Information Owner/Steward; Risk Executive (Function); User Representative; Agency Head; Security Control Assessor; Senior Information Security Officer; Chief Information Officer; DOD roles; Section II ; Introduction; Chapter -- 7 -- Assessment Process; Focus; Guidance; SP 800-53A; RMF Step 4 -- Assess Security Controls; SP 800-115; RMF Knowledge Service.
ISO 27001/27002Chapter -- 8 -- Assessment Methods; Evaluation methods and their attributes; Processes; Interviews; Examinations; Observations; Document Reviews; Testing; Automated; Manual; Chapter -- 9 -- Assessment Techniques for Each Kind of Control; Security assessment plan developmental process; Security assessment actions; Security controls by family; Chapter -- 10 -- System and Network Assessments; 800-115 introduction; Assessment techniques; Network testing purpose and scope; ACL Reviews; System-Defined Reviews; Testing roles and responsibilities; Security testing techniques.
Subject Computer security -- Government policy -- United States.
Information technology -- Security measures -- United States.
Electronic government information -- Security measures -- United States.
Risk management -- Government policy -- United States.
Information technology -- United States -- Management.
Sécurité informatique -- Politique gouvernementale -- États-Unis.
Technologie de l'information -- États-Unis -- Sécurité -- Mesures.
Gestion du risque -- Politique gouvernementale -- États-Unis.
Technologie de l'information -- États-Unis -- Gestion.
Risk management -- Government policy
Information technology -- Security measures
Information technology -- Management
Computer security -- Government policy
Risk management
United States
Other Form: Print version: Johnson, Leighton. Security controls evaluation, testing and assessment handbook. Amsterdam, Netherlands : Syngress, ©2016 ix, 667 pages 9780128023242
ISBN 9780128025642 (electronic book)
0128025646 (electronic book)
0128023244
9780128023242
Patron reviews: add a review
Click for more information
EBOOK
No one has rated this material

You can...
Also...
- Find similar reads
- Add a review
- Sign-up for Newsletter
- Suggest a purchase
- Can't find what you want?
More Information

 
 
© Naperville Public Library 2019.