05201cam a2200565Ii 4500 ocn932016626 OCoLC 20190328114813.0 m o d cr cnu|||unuuu 151210t20152016mau o 001 0 eng d N$T eng rda pn N$T YDXCP OPELS N$T OCLCF CDX EBLCP IDEBK MERUC DEBSZ IDB OCLCQ WRM U3W D6H OCLCQ CUY ZCU ICG DKC 932049488 935249504 9780128025642 (electronic bk.) 0128025646 (electronic bk.) 9780128023242 0128023244 (OCoLC)932016626 (OCoLC)932049488 (OCoLC)935249504 HD61 BUS 082000 bisacsh BUS 041000 bisacsh BUS 042000 bisacsh BUS 085000 bisacsh 658.15/5 23 Johnson, Leighton, author. Security controls evaluation, testing, and assessment handbook / [electronic resource] Leighton Johnson. Waltham, MA : Syngress is an imprint of Elsevier, 2015. 1 online resource text txt rdacontent computer c rdamedia online resource cr rdacarrier Includes index. Online resource; title from PDF title page (ScienceDirect, viewed December 16, 2015). Cover; Title Page; Copyright Page; Dedication; Contents; Introduction; Section I; Chapter 1 -- Introduction to Assessments; Chapter 2 -- Risk, Security, and Assurance; Risk management; Risk assessments; Security controls; Chapter 3 -- Statutory and Regulatory GRC; Statutory requirements; Privacy Act -- 1974; CFAA -- 1986; ECPA -- 1986; CSA -- 1987; CCA -- 1996; HIPAA -- 1996; EEA -- 1996; GISRA -- 1998; USA PATRIOT Act -- 2001; FISMA -- 2002; Sarbanes-Oxley -- 2002; Health Information Technology for Economic and Clinical Health Act -- 2009; Executive Orders/Presidential Directives. Federal processing standardsFIPS-140 -- Security Requirements for Cryptographic Modules; FIPS-186 -- Digital Signature Standard (DSS); FIPS-190 -- Guideline for the Use of Advanced Authentication Technology Alternatives; FIPS-191 -- Guideline for the Analysis Local Area Network Security; FIPS-199 -- Standards for Security Categorization of Federal Information and Information Systems; FIPS-200 -- Minimum Security Requirements for Federal Information and Information Systems; FIPS-201 -- Personal Identity Verification of Federal Employees and Contractors; Regulatory requirements; DOD; CNSS; HHS. HIPAA Security RuleHIPAA Privacy Rule; HITECH Breach Reporting; OMB requirements for each agency; References; Chapter 4 -- Federal RMF Requirements; Federal civilian agencies; DOD -- DIACAP -- RMF for DOD IT; IC -- ICD 503; FedRAMP; NIST Cybersecurity Framework; References; Chapter 5 -- Risk Management Framework; Step 1 -- categorization; Step 2 -- selection; Step 3 -- implementation; Step 4 -- assessment; Step 5 -- authorization; Step 6 -- monitoring; Continuous Monitoring for Current Systems; Chapter 6 -- Roles and Responsibilities; Organizational roles; White House; Congress; OMB; NIST; CNSS; NSA. NIAPDHS; DOD; Individual roles; System Owner; Authorizing Official; Information System Security Officer; Information System Security Engineer; Security Architect; Common Control Provider; Authorizing Official Designated Representative; Information Owner/Steward; Risk Executive (Function); User Representative; Agency Head; Security Control Assessor; Senior Information Security Officer; Chief Information Officer; DOD roles; Section II ; Introduction; Chapter -- 7 -- Assessment Process; Focus; Guidance; SP 800-53A; RMF Step 4 -- Assess Security Controls; SP 800-115; RMF Knowledge Service. ISO 27001/27002Chapter -- 8 -- Assessment Methods; Evaluation methods and their attributes; Processes; Interviews; Examinations; Observations; Document Reviews; Testing; Automated; Manual; Chapter -- 9 -- Assessment Techniques for Each Kind of Control; Security assessment plan developmental process; Security assessment actions; Security controls by family; Chapter -- 10 -- System and Network Assessments; 800-115 introduction; Assessment techniques; Network testing purpose and scope; ACL Reviews; System-Defined Reviews; Testing roles and responsibilities; Security testing techniques. Includes bibliographical references and index. Risk management. BUSINESS & ECONOMICS Industrial Management. bisacsh BUSINESS & ECONOMICS Management. bisacsh BUSINESS & ECONOMICS Management Science. bisacsh BUSINESS & ECONOMICS Organizational Behavior. bisacsh Risk management. fast (OCoLC)fst01098164 Electronic books. Electronic books. lcgft Print version: Johnson, Leighton. Security Controls Evaluation, Testing, and Assessment Handbook. Saint Louis, MO : Elsevier Science, �2015 9780128023242 ScienceDirect http://www.sciencedirect.com/science/book/9780128023242 247248 247248