Midlands State University Library
Image from Google Jackets

Security controls evaluation, testing, and assessment handbook / created by Leighton Johnson.

By: Material type: TextTextPublisher: Academic Press, an imprint of Elsevier, 2020Edition: Second editionDescription: ix, 778 pages : illustrations ; 28 cmContent type:
  • text
Media type:
  • unmediated
Carrier type:
  • volume
ISBN:
  • 9780128184271
Subject(s): LOC classification:
  • QA76.9.A25 JOH
Contents:
Front Cover; Security Controls Evaluation, Testing, and Assessment Handbook; Security Controls Evaluation, Testing, and Assessment Handbook; Copyright; Contents; Introduction; Introduction for second edition; Section I; 1 Introduction to assessments; 2 Risk, security, and assurance; Risk management; Risk assessments; Security controls; Privacy; 3 Statutory and regulatory GRC; Statutory requirements; Privacy Act-1974; CFAA-1986; ECPA-1986; CSA-1987; CCA-1996; HIPAA-1996; EEA-1996; GISRA-1998; USA PATRIOT ACT-2001; FISMA-2002; Sarbanes-Oxley (SOX)-2002 Health Information Technology Economic and Clinical Health Act (HITECH)-2009Federal Information Security Modernization Act (FISMA 2.0)-2014; The Cybersecurity Enhancement Act (CEA)-2014; The Cybersecurity Information Sharing Act (CISA)-2015; National Cybersecurity Protection Advancement Act (CPAA)-2015; Executive Orders/Presidential Directives; Federal processing standards; FIPS-140-Security requirements for cryptographic modules; FIPS-186-Digital Signature Standard (DSS); FIPS-197-Advanced Encryption Standard (AES) FIPS-199-Standards for security categorization of federal information and information systemsFIPS-200-Minimum security requirements for federal information and information systems; FIPS-201-Personal Identity Verification (PIV) of federal employees and contractors; FIPS-202-SHA-3 standard: permutation-based hash and extendable-output functions; Regulatory requirements; DOD; DODI 8500.01-cybersecurity; DODI 8510.01-``Risk Management Framework (RMF) for DoD Information Technology (IT)''; CNSS; CNSSI 1253-Security Categorization and Control Selection for National Security Systems CNSSI 1254-Risk management framework documentation, data element standards, and reciprocity process for national security s ... CNSSP 22-Policy on information assurance risk management for national security systems; HHS; HIPAA Security Rule; HIPAA Privacy Rule; HITECH breach reporting; OMB requirements for each agency; Circulars; A-130, T-5-managing information as a strategic resource-July 2016; A-130, T-4, Appendix III-published in 2000; Memoranda; M-02-01 Guidance for Preparing and Submitting Security Plans of Action and Milestones (Oct 2001) M04-04E-Authentication guidance for federal agenciesM06-15 Safeguarding PII; M06-19 PII reporting; M07-16 Safeguarding against and responding to the breach of Personally Identifiable Information; M10-15 FY 2010 Reporting instructions for the Federal Information Security Management Act and Agency Privacy Management; M10-28 clarifying cybersecurity responsibilities and activities of the Executive Office of the President and the Department ... ; M14-03 and M14-04; 4 Federal Risk Management Framework requirements; Federal civilian agencies; DOD-DIACAP-RMF for DOD IT; IC-ICD 503; FedRAMP
Summary: "Security Controls Evaluation, Testing, and Assessment Handbook provides a current and well-developed approach to evaluation and testing of security controls to prove they are functioning correctly in today's IT systems. This handbook shows you how to evaluate, examine, and test installed security controls in the world of threats and potential breach actions surrounding all industries and systems. If a system is subject to external or internal threats and vulnerabilities - which most are - then this book will provide a useful handbook for how to evaluate the effectiveness of the security controls that are in place. Security Controls Evaluation, Testing, and Assessment Handbook shows you what your security controls are doing and how they are standing up to various inside and outside threats. This handbook provides guidance and techniques for evaluating and testing various computer security controls in IT systems. Author Leighton Johnson shows you how to take FISMA, NIST Guidance, and DOD actions and provide a detailed, hands-on guide to performing assessment events for information security professionals who work with US federal agencies. As of March 2014, all agencies are following the same guidelines under the NIST-based Risk Management Framework. This handbook uses the DOD Knowledge Service and the NIST Families assessment guides as the basis for needs assessment, requirements, and evaluation efforts for all security controls. Each of the controls can and should be evaluated in its own unique way, through testing, examination, and key personnel interviews"--
Reviews from LibraryThing.com:
Tags from this library: No tags from this library for this title. Log in to add tags.
Star ratings
    Average rating: 0.0 (0 votes)

Includes bibliographical references and index.

Front Cover; Security Controls Evaluation, Testing, and Assessment Handbook; Security Controls Evaluation, Testing, and Assessment Handbook; Copyright; Contents; Introduction; Introduction for second edition; Section I; 1 Introduction to assessments; 2 Risk, security, and assurance; Risk management; Risk assessments; Security controls; Privacy; 3 Statutory and regulatory GRC; Statutory requirements; Privacy Act-1974; CFAA-1986; ECPA-1986; CSA-1987; CCA-1996; HIPAA-1996; EEA-1996; GISRA-1998; USA PATRIOT ACT-2001; FISMA-2002; Sarbanes-Oxley (SOX)-2002 Health Information Technology Economic and Clinical Health Act (HITECH)-2009Federal Information Security Modernization Act (FISMA 2.0)-2014; The Cybersecurity Enhancement Act (CEA)-2014; The Cybersecurity Information Sharing Act (CISA)-2015; National Cybersecurity Protection Advancement Act (CPAA)-2015; Executive Orders/Presidential Directives; Federal processing standards; FIPS-140-Security requirements for cryptographic modules; FIPS-186-Digital Signature Standard (DSS); FIPS-197-Advanced Encryption Standard (AES) FIPS-199-Standards for security categorization of federal information and information systemsFIPS-200-Minimum security requirements for federal information and information systems; FIPS-201-Personal Identity Verification (PIV) of federal employees and contractors; FIPS-202-SHA-3 standard: permutation-based hash and extendable-output functions; Regulatory requirements; DOD; DODI 8500.01-cybersecurity; DODI 8510.01-``Risk Management Framework (RMF) for DoD Information Technology (IT)''; CNSS; CNSSI 1253-Security Categorization and Control Selection for National Security Systems CNSSI 1254-Risk management framework documentation, data element standards, and reciprocity process for national security s ... CNSSP 22-Policy on information assurance risk management for national security systems; HHS; HIPAA Security Rule; HIPAA Privacy Rule; HITECH breach reporting; OMB requirements for each agency; Circulars; A-130, T-5-managing information as a strategic resource-July 2016; A-130, T-4, Appendix III-published in 2000; Memoranda; M-02-01 Guidance for Preparing and Submitting Security Plans of Action and Milestones (Oct 2001) M04-04E-Authentication guidance for federal agenciesM06-15 Safeguarding PII; M06-19 PII reporting; M07-16 Safeguarding against and responding to the breach of Personally Identifiable Information; M10-15 FY 2010 Reporting instructions for the Federal Information Security Management Act and Agency Privacy Management; M10-28 clarifying cybersecurity responsibilities and activities of the Executive Office of the President and the Department ... ; M14-03 and M14-04; 4 Federal Risk Management Framework requirements; Federal civilian agencies; DOD-DIACAP-RMF for DOD IT; IC-ICD 503; FedRAMP

"Security Controls Evaluation, Testing, and Assessment Handbook provides a current and well-developed approach to evaluation and testing of security controls to prove they are functioning correctly in today's IT systems. This handbook shows you how to evaluate, examine, and test installed security controls in the world of threats and potential breach actions surrounding all industries and systems. If a system is subject to external or internal threats and vulnerabilities - which most are - then this book will provide a useful handbook for how to evaluate the effectiveness of the security controls that are in place. Security Controls Evaluation, Testing, and Assessment Handbook shows you what your security controls are doing and how they are standing up to various inside and outside threats. This handbook provides guidance and techniques for evaluating and testing various computer security controls in IT systems. Author Leighton Johnson shows you how to take FISMA, NIST Guidance, and DOD actions and provide a detailed, hands-on guide to performing assessment events for information security professionals who work with US federal agencies. As of March 2014, all agencies are following the same guidelines under the NIST-based Risk Management Framework. This handbook uses the DOD Knowledge Service and the NIST Families assessment guides as the basis for needs assessment, requirements, and evaluation efforts for all security controls. Each of the controls can and should be evaluated in its own unique way, through testing, examination, and key personnel interviews"--

There are no comments on this title.

to post a comment.