Security controls evaluation, testin...
Johnson, Leighton,

FindBook      Google Book      Amazon      博客來     
  • Security controls evaluation, testing, and assessment handbook
  • 紀錄類型: 書目-電子資源 : Monograph/item
    正題名/作者: Security controls evaluation, testing, and assessment handbook/ Leighton Johnson.
    作者: Johnson, Leighton,
    出版者: Waltham, MA :Syngress is an imprint of Elsevier, : 2016.,
    面頁冊數: 1 online resource.
    附註: Includes index.
    內容註: Cover; Title Page; Copyright Page; Dedication; Contents; Introduction; Section I; Chapter 1 -- Introduction to Assessments; Chapter 2 -- Risk, Security, and Assurance; Risk management; Risk assessments; Security controls; Chapter 3 -- Statutory and Regulatory GRC; Statutory requirements; Privacy Act -- 1974; CFAA -- 1986; ECPA -- 1986; CSA -- 1987; CCA -- 1996; HIPAA -- 1996; EEA -- 1996; GISRA -- 1998; USA PATRIOT Act -- 2001; FISMA -- 2002; Sarbanes-Oxley -- 2002; Health Information Technology for Economic and Clinical Health Act -- 2009; Executive Orders/Presidential Directives.
    內容註: Federal processing standardsFIPS-140 -- Security Requirements for Cryptographic Modules; FIPS-186 -- Digital Signature Standard (DSS); FIPS-190 -- Guideline for the Use of Advanced Authentication Technology Alternatives; FIPS-191 -- Guideline for the Analysis Local Area Network Security; FIPS-199 -- Standards for Security Categorization of Federal Information and Information Systems; FIPS-200 -- Minimum Security Requirements for Federal Information and Information Systems; FIPS-201 -- Personal Identity Verification of Federal Employees and Contractors; Regulatory requirements; DOD; CNSS; HHS.
    內容註: HIPAA Security RuleHIPAA Privacy Rule; HITECH Breach Reporting; OMB requirements for each agency; References; Chapter 4 -- Federal RMF Requirements; Federal civilian agencies; DOD -- DIACAP -- RMF for DOD IT; IC -- ICD 503; FedRAMP; NIST Cybersecurity Framework; References; Chapter 5 -- Risk Management Framework; Step 1 -- categorization; Step 2 -- selection; Step 3 -- implementation; Step 4 -- assessment; Step 5 -- authorization; Step 6 -- monitoring; Continuous Monitoring for Current Systems; Chapter 6 -- Roles and Responsibilities; Organizational roles; White House; Congress; OMB; NIST; CNSS; NSA.
    內容註: NIAPDHS; DOD; Individual roles; System Owner; Authorizing Official; Information System Security Officer; Information System Security Engineer; Security Architect; Common Control Provider; Authorizing Official Designated Representative; Information Owner/Steward; Risk Executive (Function); User Representative; Agency Head; Security Control Assessor; Senior Information Security Officer; Chief Information Officer; DOD roles; Section II ; Introduction; Chapter -- 7 -- Assessment Process; Focus; Guidance; SP 800-53A; RMF Step 4 -- Assess Security Controls; SP 800-115; RMF Knowledge Service.
    內容註: ISO 27001/27002Chapter -- 8 -- Assessment Methods; Evaluation methods and their attributes; Processes; Interviews; Examinations; Observations; Document Reviews; Testing; Automated; Manual; Chapter -- 9 -- Assessment Techniques for Each Kind of Control; Security assessment plan developmental process; Security assessment actions; Security controls by family; Chapter -- 10 -- System and Network Assessments; 800-115 introduction; Assessment techniques; Network testing purpose and scope; ACL Reviews; System-Defined Reviews; Testing roles and responsibilities; Security testing techniques.
    標題: Risk management. -
    電子資源: https://www.sciencedirect.com/science/book/9780128023242
    ISBN: 9780128025642 (electronic bk.)
館藏地:  出版年:  卷號: 
館藏
  • 1 筆 • 頁數 1 •
  • 1 筆 • 頁數 1 •
多媒體
評論
Export
取書館
 
 
變更密碼
登入