Автор: Leighton Johnson
Издательство: Syngress
ISBN: 0128023244
Год: 2016
Страниц: 678
Язык: английский
Формат: pdf (true)
Размер: 35.9 MB
Security Controls Evaluation, Testing, and Assessment Handbook provides a current and well-developed approach to evaluation and testing of security controls to prove they are functioning correctly in today's IT systems. This handbook shows you how to evaluate, examine, and test installed security controls in the world of threats and potential breach actions surrounding all industries and systems. If a system is subject to external or internal threats and vulnerabilities - which most are - then this book will provide a useful handbook for how to evaluate the effectiveness of the security controls that are in place.
Security Controls Evaluation, Testing, and Assessment Handbook shows you what your security controls are doing and how they are standing up to various inside and outside threats. This handbook provides guidance and techniques for evaluating and testing various computer security controls in IT systems.
Author Leighton Johnson shows you how to take FISMA, NIST Guidance, and DOD actions and provide a detailed, hands-on guide to performing assessment events for information security professionals who work with US federal agencies. As of March 2014, all agencies are following the same guidelines under the NIST-based Risk Management Framework. This handbook uses the DOD Knowledge Service and the NIST Families assessment guides as the basis for needs assessment, requirements, and evaluation efforts for all of the security controls. Each of the controls can and should be evaluated in its own unique way, through testing, examination, and key personnel interviews. Each of these methods is discussed.
Within the US government’s requirements for operating and maintaining federal information systems safely and securely is the built-in need to validate and verify the operational, technical, and managerial security for each system, office, data component, and individual bit of information that is used, exchanged, stored, acted upon, and utilized by the governmental agency. Each governmental agency is required by law (both Federal Information Security Management Act (FISMA) and Privacy Act) to ensure the data and information it retains during the normal course of its activities be confidential (if it is not public information), accurate, and retrievable when needed. This process for ensuring the security of the systems and information is known in the federal community as “assessment” and is usually conducted by relatively independent organizations and individuals called “assessors.” This handbook is developed to provide assessors and other interested personnel the guides, techniques, tools, and knowledge to conduct these assessments for most all federal information systems.
Provides direction on how to use SP800-53A, SP800-115, DOD Knowledge Service, and the NIST Families assessment guides to implement thorough evaluation efforts for the security controls in your organization.
Learn how to implement proper evaluation, testing, and assessment procedures and methodologies with step-by-step walkthroughs of all key concepts.
Shows you how to implement assessment techniques for each type of control, provide evidence of assessment, and proper reporting techniques.
Скачать Security Controls Evaluation, Testing, and Assessment Handbook