
FISMA certification & accreditation handbook / Laura Taylor; Matthew Shepherd, technical editor.

EBSCOhost Academic eBook Collection (North America) Available online
EBSCOhost eBook Community College Collection Available online
Format:
Book
Author/Creator:
Taylor, Laura.
Contributor:
Shepherd, Matthew.
Language:
English
Subjects (All):
Computer security.
Computer security--Standards.
Computer networks--Security measures.
Computer networks.
Data protection.
Physical Description:
1 online resource (529 p.)
Edition:
1st edition
Other Title:
Federal Information Security Management Act certification & accreditation handbook
Place of Publication:
Rockland, MA : Syngress, c2007.
Language Note:
English
System Details:
text file
Summary:
The only book that instructs IT Managers to adhere to federally mandated certification and accreditation requirements. This book will explain what is meant by Certification and Accreditation and why the process is mandated by federal law. The different Certification and Accreditation laws will be cited and discussed including the three leading types of C&A: NIST, NIAP, and DITSCAP. Next, the book explains how to prepare for, perform, and document a C&A project. The next section to the book illustrates addressing security awareness, end-user rules of behavior, and incident response requi
Contents:
Front Cover; Fisma Certification & Accreditation; Copyright Page; Contents; Foreword; Preface; Chapter 1. What Is Certification and Accreditation?; Introduction; Terminology; Audit and Report Cards; A Standardized Process; Templates, Documents, and Paperwork; Certification and Accreditation Laws Summarized; Summary; Notes; Chapter 2. Types of Certification and Accreditation; Introduction; The NIACAP Process; The NIST Process; DITSCAP; DCID 6/3; The Common Denominator of All C&A Methodologies; C&A for Private Enterprises; Summary; Notes
Chapter 3. Understanding the Certification and Accreditation Process; Introduction; Recognizing the Need for C&A; Stepping through the Process; Summary; Chapter 4. Establishing a C&A Program; Introduction; C&A Handbook Development; Template Development; Provide Package Delivery Instructions; Create an Evaluation Process; Authority and Endorsement; Improve Your C&A Program Each Year; Problems of Not Having a C&A Program; Summary; Chapter 5. Developing a Certification Package; Introduction; Initiating Your C&A Project; Analyze Your Research; Preparing the Documents; Verify Your Information
Retain Your Ethics; Summary; Chapter 6. Preparing the Hardware and Software Inventory; Introduction; Determining the Accreditation Boundaries; Collecting the Inventory Information; Structure of Inventory Information; Delivery of Inventory Document; Summary; Chapter 7. Determining the Certification Level; Introduction; What Are the C&A Levels?; Importance of Determining the C&A Level; Don't Make This Mistake; Criteria to Use for Determining the Levels; Confidentiality, Integrity, and Availability; Integrity; Availability; How to Categorize Multiple Data Sets; Impact Levels and System Criticality
System Attribute Characteristics; Determining Level of Certification; Template for Levels of Determination; Rationale for the Security Level Recommendation; Process and Rationale for the C&A Level Recommendation; The Explanatory Memo; Summary; Chapter 8. Performing and Preparing the Self-Assessment; Introduction; Objectives; Introduction; Designing the Survey; Questions for Self-Assessment Survey; Summary; Notes; Chapter 9. Addressing Security Awareness and Training Requirements; Purpose of Security Awareness and Training; Security Training; Security Awareness
The Awareness and Training Message; Online Training Makes It Easy; Document Your Plan; Security Awareness and Training Checklist; Security Awareness Material Evaluation; Security Awareness Class Evaluation; Summary; Notes; Chapter 10. Addressing End-User Rules of Behavior; Introduction; Implementing Rules of Behavior; What Rules to Include; Consequences of Noncompliance; Rules of Behavior Checklist; Summary; Chapter 11. Addressing Incident Response; Introduction; Purpose and Applicability; Policies and Guidelines; Reporting Framework; Roles and Responsibilities; Definitions; Incident Handling; Forensic Investigations
Notes:
Description based upon print version of record.
Includes index.
ISBN:
9786612552472
9781282552470
1282552473
9780080506531
0080506534
OCLC:
191035131
