FISMA and the risk management framework the new practice of federal cyber security
If you are responsible for meeting federal information security requirements such as FISMA, this book is all you need to know to get a system authorized. Now in the first full revision of FISMA since its inception in 2002, a new wave of stronger security measures are now available through the effor...
| Otros Autores: | , , |
|---|---|
| Formato: | Libro electrónico |
| Idioma: | Inglés |
| Publicado: |
Boston :
Syngress
2013.
|
| Edición: | 1st ed |
| Materias: | |
| Ver en Biblioteca Universitat Ramon Llull: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009628589806719 |
Tabla de Contenidos:
- Half Title; FISMA and theRisk Management Framework; Copyright; Dedication; Contents; Trademarks; Acknowledgements; About the Author; 1 Introduction; Introduction; Purpose and Rationale; How to Use This Book; Key Audience; FISMA Applicability and Implementation; Implementation Responsibilities; FISMA Progress to Date; FISMA Provisions; Standards and Guidelines for Federal Information Systems; System Certification and Accreditation; Strengths and Shortcomings of FISMA; Structure and Content; Chapter 1: Introduction; Chapter 2: Federal Information Security Fundamentals
- Chapter 3: Thinking About RiskChapter 4: Thinking About Systems; Chapter 5: Success Factors; Chapter 6: Risk Management Framework Planning and Initiation; Chapter 7: Risk Management Framework Steps 1 & 2; Chapter 8: Risk Management Framework Steps 3 & 4; Chapter 9: Risk Management Framework Steps 5 & 6; Chapter 10: System Security Plan; Chapter 11: Security Assessment Report; Chapter 12: Plan of Action and Milestones; Chapter 13: Risk Management; Chapter 14: Continuous Monitoring; Chapter 15: Contingency Planning; Chapter 16: Privacy; Chapter 17: Federal Initiatives; Relevant Source Material
- SummaryReferences; 2 Federal Information Security Fundamentals; Information Security in the Federal Government; Brief History of Information Security; Civilian, Defense, and Intelligence Sector Practices; Sources of Guidance; Information Classification and Security Categorization; Security Controls; Certification and Accreditation Process; Legislative History of Information Security Management; Certification and Accreditation; FIPS 102; DITSCAP; NIACAP; NIST Special Publication 800-37; DIACAP; NIST Risk Management Framework; Joint Task Force Transformation Initiative
- Organizational ResponsibilitiesOffice of Management and Budget (OMB); National Institute of Standards and Technology (NIST); Department of Defense (DoD); Office of the Director of National Intelligence (ODNI); Department of Homeland Security (DHS); National Security Agency (NSA); General Services Administration (GSA); Government Accountability Office (GAO); Congress; Executive Office of the President; Relevant Source Material; Summary; References; 3 Thinking About Risk; Understanding Risk; Key Concepts; Measuring Risk; Certainty, Uncertainty, and Probability; Assurance; Types of Risk
- Information Security RiskBudgetary Risk; Investment Risk; Legal Risk; Political Risk; Program Management Risk; Reputation Risk; Safety Risk; Strategic Risk; Supply Chain Risk; Organizational Risk; Risk Strategy; Risk Tolerance; Risk Executive; Trust, Assurance, and Security; Trust and Trustworthiness; Assurance and Confidence; Security; Trust Models; Risk Associated with Information Systems; Risk Management Framework; Risk Management Life Cycle; Risk Framing; Risk Assessment; Risk Response; Risk Monitoring; Other Risk Management Frameworks Used in Government Organizations
- Relevant Source Material
