x

Our Privacy Policy has changed. By using this site, you agree to the Privacy Policy.

Official (ISC)2� Guide to the CAP� CBK�

ISBN-10: 1439820759
ISBN-13: 9781439820759
Edition: 2nd 2013 (Revised)
List price: $105.99 Buy it from $50.54
eBook available
This item qualifies for FREE shipping

*A minimum purchase of $35 is required. Shipping is provided via FedEx SmartPost® and FedEx Express Saver®. Average delivery time is 1 – 5 business days, but is not guaranteed in that timeframe. Also allow 1 - 2 days for processing. Free shipping is eligible only in the continental United States and excludes Hawaii, Alaska and Puerto Rico. FedEx service marks used by permission."Marketplace" orders are not eligible for free or discounted shipping.

30 day, 100% satisfaction guarantee

If an item you ordered from TextbookRush does not meet your expectations due to an error on our part, simply fill out a return request and then return it by mail within 30 days of ordering it for a full refund of item cost.

Learn more about our returns policy

Description: This volume demonstrates the effectiveness of certification and accreditation (C&A) as a risk management methodology for IT systems in public and private organizations. It provides an overview of C&A components, showing how to document the status of  More...

Used Starting from $50.54
New Starting from $78.47
eBooks Starting from $32.38
Rent
Buy
what's this?
Rush Rewards U
Members Receive:
coins
coins
You have reached 400 XP and carrot coins. That is the daily max!
You could win $10,000

Get an entry for every item you buy, rent, or sell.

Study Briefs

Limited time offer: Get the first one free! (?)

All the information you need in one place! Each Study Brief is a summary of one specific subject; facts, figures, and explanations to help you learn faster.

Add to cart
Study Briefs
Calculus 1 Online content $4.95 $1.99
Add to cart
Study Briefs
SQL Online content $4.95 $1.99
Add to cart
Study Briefs
MS Excel® 2010 Online content $4.95 $1.99
Add to cart
Study Briefs
MS Word® 2010 Online content $4.95 $1.99

Customers also bought

Loading
Loading
Loading
Loading
Loading
Loading
Loading
Loading
Loading
Loading

Book details

List price: $105.99
Edition: 2nd
Copyright year: 2013
Publisher: Auerbach Publishers, Incorporated
Publication date: 7/18/2012
Binding: Hardcover
Pages: 462
Size: 7.00" wide x 10.00" long x 1.00" tall
Weight: 2.464

This volume demonstrates the effectiveness of certification and accreditation (C&A) as a risk management methodology for IT systems in public and private organizations. It provides an overview of C&A components, showing how to document the status of IT security controls and secure systems via repeatable processes.

Security Authorization of Information Systems
Introduction
Legal and Regulatory Framework for System Authorization
External Program Drivers
System-Level Security
Defining System Authorization
Resistance to System Authorization
Benefits of System Authorization
Key Elements of an Enterprise System Authorization Program
The Business Case
Goal Setting
Tasks and Milestones
Program Oversight
Visibility
Resources
Program Guidance
Special Issues
Program Integration
System Authorization Points of Contact
Measuring Progress
Managing Program Activities
Monitoring Compliance
Providing Advice and Assistance
Responding to Changes
Program Awareness, Training, and Education
Using Expert Systems
Waivers and Exceptions
NIST Special Publication 800-37, Revision 1, and the Application of the Risk Management Framework to Systems
Overview
Authority and Scope
Purpose and Applicability
Target Audience
Fundamentals of Information System Risk Management According to NIST SP 800-37, Revision 1
Guidance on Organization-Wide Risk Management
Organization Level (Tier 1)
Mission/Business Process Level (Tier 2)
Information System Level (Tier 3)
Guidance on Risk Management in the System Development Life Cycle
NIST's Risk Management Framework
Guidance on System Boundary Definition
Guidance on Software Application Boundaries
Guidance on Complex Systems
Guidance on the Impact of Technological Changes on System Boundaries
Guidance on Dynamic Subsystems
Guidance on External Subsystems
Guidance on Security Control Allocation
Guidance on Applying the Risk Management Framework
Summary of NIST Guidance
System Authorization Roles and Responsibilities
Primary Roles and Responsibilities
Other Roles and Responsibilities
Additional Roles and Responsibilities from NIST SP 800-37, Revision 1
Documenting Roles and Responsibilities
Job Descriptions
Position Sensitivity Designations
Personnel Transition
Time Requirements
Expertise Requirements
Using Contractors
Routine Duties
Organizational Skills
Organizational Placement of the System Authorization Function
The System Authorization Life Cycle
Initiation Phase
Acquisition/Development Phase
Implementation Phase
Operations/Maintenance Phase
Disposition Phase
Challenges to Implementation
Why System Authorization Programs Fail
Program Scope
Assessment Focus
Short-Term Thinking
Long-Term Thinking
Poor Planning
Lack of Responsibility
Excessive Paperwork
Lack of Enforcement
Lack of Foresight
Poor Timing
Lack of Support
System Authorization Project Planning
Planning Factors
Dealing with People
Team Member Selection
Scope Definition
Assumptions
Risks
Project Agreements
Project Team Guidelines
Administrative Requirements
Reporting
Other Tasks
Project Kickoff
Wrap-Up
Observations
The System Inventory Process
Responsibility
System Identification
Small Systems
Complex Systems
Combining Systems
Accreditation Boundaries
The Process
Validation
Inventory Information
Inventory Tools
Using the Inventory
Maintenance
Observations
Interconnected Systems
The Solution
Agreements in the System Authorization Process
Trust Relationships
Initiation
Time Issues
Exceptions
Maintaining Agreements
Security Authorization of Information Systems: Review Questions
Information System Categorization
Introduction
Defining Sensitivity
Data Sensitivity and System Sensitivity
Sensitivity Assessment Process
Data Classification Approaches
Responsibility for Data Sensitivity Assessment
Ranking Data Sensitivity
National Security Information
Criticality
Criticality Assessment
Criticality in the View of the System Owner
Ranking Criticality
Changes in Criticality and Sensitivity
NIST Guidance on System Categorization
Task 1-1: Categorize and Document the Information System
Task 1-2: Describe the Information System
Task 1-3: Register the Information System
Information System Categorization: Review Questions
Establishment of the Security Control Baseline
Introduction
Minimum Security Baselines and Best Practices
Security Controls
Levels of Controls
Selecting Baseline Controls
Use of the Minimum Security Baseline Set
Common Controls
Observations
Assessing Risk
Background
Risk Assessment in System Authorization
The Risk Assessment Process
Step 1: System Characterization
Step 2: Threat Identification
Step 3: Vulnerability Identification
Step 4: Control Analysis
Step 5: Likelihood Determination
Step 6: Impact Analysis
Step 7: Risk Determination
Step 8: Control Recommendations
Step 9: Results Documentation
Conducting the Risk Assessment
Risk Categorization
Documenting Risk Assessment Results
Using the Risk Assessment
Overview of NIST Special Publication 800-30, Revision 1
Observations
System Security Plans
Applicability
Responsibility
Plan Contents
What a Security Plan Is Not
Plan Initiation
Information Sources
Security Plan Development Tools
Plan Format
Plan Approval
Plan Maintenance
Plan Security
Plan Metrics
Resistance to Security Planning
Observations
NIST Guidance on Security Controls Selection
Task 2-1: Identify Common Controls
Task 2-2: Select Security Controls
Task 2-3: Develop Monitoring Strategy
Task 2-4: Approve Security Plan
Establishment of the Security Control Baseline: Review Questions
Application of Security Controls
Introduction
Security Procedures
Purpose
The Problem with Procedures
Responsibility
Procedure Templates
Process for Developing Procedures
Style
Formatting
Access
Maintenance
Common Procedures
Procedures in the System Authorization Process
Observations
Remediation Planning
Managing Risk
Applicability of the Remediation Plan
Responsibility for the Plan
Risk Remediation Plan Scope
Plan Format
Using the Plan
When to Create the Plan
Risk Mitigation Meetings
Observations
NIST Guidance on Implementation of Security Controls
Task 3-1: Implement Security Controls
Task 3-2: Document Security Control Implementation
Application of Security Controls: Review Questions
Assessment of Security Controls
Introduction
Scope of Testing
Level of Effort
Assessor Independence
Developing the Test Plan
The Role of the Host
Test Execution
Documenting Test Results
NIST Guidance on Assessment of Security Control Effectiveness
Task 4-1: Prepare for Controls Assessment
Task 4-2: Assess Security Controls
Task 4-3: Prepare Security Assessment Report
Task 4-4: Conduct Remediation Actions
Assessment of Security Controls: Review Questions
Information System Authorization
Introduction
System Authorization Decision Making
The System Authorization Authority
Authorization Timing
The Authorization Letter
Authorization Decisions
Designation of Approving Authorities
Approving Authority Qualifications
Authorization Decision Process
Actions Following Authorization
Observations
Essential System Authorization Documentation
Authority
System Authorization Package Contents
Excluded Documentation
The Certification Statement
Transmittal Letter
Administration
Observations
NIST Guidance on Authorization of Information Systems
Task 5-1: Prepare Plan of Action and Milestones
Task 5-2: Prepare Security Authorization Package
Task 5-3: Conduct Risk Determination
Task 5-4: Perform Risk Acceptance
Security Controls Monitoring
Introduction
Continuous Monitoring
Configuration Management/Configuration Control
Security Controls Monitoring
Status Reporting and Documentation
Key Roles in Continuous Monitoring
Reaccreditation Decision
NIST Guidance on Ongoing Monitoring of Security Controls and Security State of the Information System
Task 6-1: Analyze Impact of Information System and Environment Changes
Task 6-2: Conduct Ongoing Security Control Assessments
Task 6-3: Perform Ongoing Remediation Actions
Task 6-4: Perform Key Updates
Task 6-5: Report Security Status
Task 6-6: Perform Ongoing Risk Determination and Acceptance
Task 6-7: Information System Removal and Decommissioning
Security Controls Monitoring: Review Questions
System Authorization Case Study
Situation
Action Plan
Lessons Learned
Tools
Document Templates
Coordination
Role of the Inspector General
Compliance Monitoring
Measuring Success
Project Milestones
Interim Accreditation
Management Support and Focus
Results and Future Challenges
The Future of Information System Authorization
References
Glossary
Sample Statement of Work
Sample Project Work Plan
Sample Project Kickoff Presentation Outline
Sample Project Wrap-Up Presentation Outline
Sample System Inventory Policy
Sample Business Impact Assessment
Sample Rules of Behavior (General Support System)
Sample Rules of Behavior (Major Application)
Sample System Security Plan Outline
Sample Memorandum of Understanding
Sample Interconnection Security Agreement
Sample Risk Assessment Outline
Sample Security Procedure
Sample Certification Test Results Matrix
Sample Risk Remediation Plan
Sample Certification Statement
Sample Accreditation Letter
Sample Interim Accreditation Letter
Certification and Accreditation Professional (CAP�“) Common Body of Knowledge (CBK�“)
Answers to Review Questions

×
Free shipping on orders over $35*

*A minimum purchase of $35 is required. Shipping is provided via FedEx SmartPost® and FedEx Express Saver®. Average delivery time is 1 – 5 business days, but is not guaranteed in that timeframe. Also allow 1 - 2 days for processing. Free shipping is eligible only in the continental United States and excludes Hawaii, Alaska and Puerto Rico. FedEx service marks used by permission."Marketplace" orders are not eligible for free or discounted shipping.

Learn more about the TextbookRush Marketplace.

×