Security Controls Evaluation, Testing, and Assessment Handbook
Leighton Johnson
Table of Contents
Copyright
Acquiring Editor: Chris Katsaropoulos
Editorial Project Manager: Anna Valutkevich
Production Project Manager: Mohana Natarajan
Cover Designer: Mark Rogers
Syngress is an imprint of Elsevier
225 Wyman Street, Waltham, MA 02451, USA
Copyright 2016 Elsevier Inc. All rights reserved.
No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher. Details on how to seek permission, further information about the Publisher's permissions policies and our arrangements with organizations such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our website: www.elsevier.com/permissions.
This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be noted herein).
Notices
Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding, changes in research methods, professional practices, or medical treatment may become necessary.
Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information, methods, compounds, or experiments described herein. In using such information or methods they should be mindful of their own safety and the safety of others, including parties for whom they have a professional responsibility.
To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors, assume any liability for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions, or ideas contained in the material herein.
British Library Cataloguing-in-Publication Data
A catalogue record for this book is available from the British Library
Library of Congress Cataloging-in-Publication Data
A catalog record for this book is available from the Library of Congress
ISBN: 978-0-12-802324-2
For information on all Syngress publications visit our website at http://store.elsevier.com/Syngress
Typeset by Thomson Digital
Dedication
I dedicate this book to Marie, my secretary, for her continued support, initial editing of the text, and constant efforts to complete this project. I appreciate the full support of the crew at the BARCROFT SBUKS, especially Quanah, Dante, Jackie, Mars, Raynel, Ellen, and Lee, as I wrote this while there over the past few months. Further, RKS has provided support and guidance during the research and writing efforts.
Introduction
The approach of this book is to take FISMA, NIST guidance, and DOD policy guidance and provide a detailed hands-on guide to performing assessment events in the federal space since, as of March 2014, all agencies are following the same guidelines under the NIST-based Risk Management Framework as found in Special Publication (SP) 800-37, rev. 1. This book will provide assessment guidance for federal civilian agencies, DOD and IC-type authorization efforts following the CNSS 4015, DIACAP/RMF-DOD validator, and NIST-based SCA requirements and documentation along with my practical experience of performing and overseeing these efforts for 12 different federal agencies on 31 different types of systems over the past 4.5 years.
We will use the NIST SP 800-53A, NIST SP 800-115, DOD's RMF Knowledge Service, and the NIST control families assessment guides for our exploration of the needs, requirements, and actual test and evaluation efforts for all of the security controls. Each of the controls has a unique way it can and should be evaluated through test, examination, and key personnel interviews, and each of these will be explained and discussed. We will supplement this process with detailed technical, operational, and administrative knowledge for each control, as needed, with data from the various best practices Special Publications from NIST, technical support data available from various security vendors, best business practices gathered from industry, and in-depth knowledge of controls and their assessment gleaned from hands-on utilization and evaluation efforts.
Section I
Chapter 1
Introduction to Assessments
Abstract
The security control assessment process is introduced for the three types of controls found throughout National Institute of Standards and Technology (NIST) and US Department of Defense (DOD) systems: operational, management, and technical.
Keywords
introduction
assessment
Within the US government's requirements for operating and maintaining federal information systems safely and securely is the built-in need to validate and verify the operational, technical, and managerial security for each system, office, data component, and individual bit of information that is used, exchanged, stored, acted upon, and utilized by the governmental agency. Each governmental agency is required by law (both the Federal Information Security Management Act (FISMA) and the Privacy Act) to ensure that the data and information it retains during the normal course of its activities are confidential (if not public information), accurate, and retrievable when needed. This process for ensuring the security of the systems and information is known in the federal community as assessment and is usually conducted by relatively independent organizations and individuals called assessors. This handbook is developed to provide assessors and other interested personnel the guides, techniques, tools, and knowledge to conduct these assessments for nearly all federal information systems. We will examine the needs and requirements for assessments, look at the methodologies for providing the assessments in three distinct formats (basic, focused, and comprehensive), and go in depth on the actual assessment techniques of examinations, interviews, and testing for and of each of the security controls as defined in the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53. SP 800-53 defines the security controls needed, required, or recommended for each federal information system. This security control catalog is extremely extensive and contains a vast number and variety of security controls across the managerial, operational, and technical domains.
Generally speaking, these three security control arenas cover:
Management: Actions taken to manage the development, maintenance, and use of the system
a. Examples are policies, procedures, and rules of behavior.
Operational: Day-to-day mechanisms and procedures used to protect operational systems and their environment
a. Examples are awareness training, configuration management, and incident response.