By Laura P. Taylor and L. Taylor. As the federal regulators have come to understand the risks to the U. An outcome of the laws and regulations is a formalized process for reviewing, documenting, analyzing, and evaluating information security requirements and controls. The audience for this book includes those individuals currently performing information security support at U.S. Federal agencies, defense contractors that need to comply with FISMA to support government task orders, information security consultants, and anyone else who would like to learn a very thorough methodology for conducting information security audits to safeguard sensitive information, mission-critical applications, and their underlying infrastructure.
Published (Last): 24 December 2016
PDF File Size: 4.82 Mb
ePub File Size: 13.10 Mb
Price: Free* [*Free Registration Required]
By accrediting an information system, an agency official accepts responsibility for the security of the system and is fully accountable for any adverse impacts to the agency if a breach of security occurs. Thus, responsibility and accountability are core principles that characterize security accreditation. Various flavors of accreditation are discussed in chapter 2 of the book. As we have already stated, the official that approves the certification is responsible for the security of the system and is fully accountable for any adverse impacts to the agency if a breach of security occurs.
But this cannot be absolute; the questions of how bad an event could be and how likely events are to occur are the foundation for risk management. The management of organizational risk is a key element in the organization's information security program and provides an effective framework for selecting the appropriate security controls for an information system: the security controls necessary to protect individuals and the operations and assets of the organization.
After completing chapter 17, you ought to be able to complete a system risk assessment. Also, the Internet Technology Process Institute sells a benchmark; they did over hours of research to identify 21 control families that have the greatest impact. Chapter 8 of the book has a great set of questions to help you determine the presence, absence, and effectiveness of security controls. The bottom line: this book is complete, comprehensive, and accurate. I could not find one single example of the obtuse writing that tends to show up in the NIST and other government documents.
It gives you a path through the Federal certification and accreditation maze. By Lehlan Decker, May.
FISMA Certification and Accreditation Handbook
Taylor has contributed to four other books on information security and has authored hundreds of articles and white papers on infosec topics for a variety of web publications and magazines. Specializing in assisting federal agencies and private industry in complying with computer security laws, Taylor is a thought leader on cyber security compliance. Taylor has led large technology migrations, developed enterprise-wide information security programs, and has performed risk assessments and security audits for numerous financial institutions. Laura P.
FISMA Certification and Accreditation Handbook by Laura P. Taylor, L. Taylor