Building and Implementing a Security Certification and Accreditation Program
Auerbach (publisher)
978-0-8493-2062-0 (ISBN)
- A new edition of this title is forthcoming
Building and Implementing a Security Certification and Accreditation Program: Official (ISC)2 Guide to the CAP CBK demonstrates the practicality and effectiveness of certification and accreditation (C&A) as a risk management methodology for IT systems in both public and private organizations. It provides security professionals with an overview of C&A components, enabling them to document the status of the security controls of their IT systems, and learn how to secure systems via standard, repeatable processes. This book consists of four main sections. It begins with a description of what it takes to build a certification and accreditation program at the organization level, followed by an analysis of various C&A processes and how they interrelate. The text then provides a case study of the successful implementation of certification and accreditation in a major U.S. government department. It concludes by offering a collection of helpful samples in the appendices.
Building a Successful Enterprise Certification and Accreditation Program
Key Elements of an Enterprise Certification and Accreditation Program
Certification and Accreditation Roles and Responsibilities
The Certification and Accreditation Life Cycle
Why Certification and Accreditation Programs Fail
Certification and Accreditation Processes
Certification and Accreditation Project Planning
System Inventory Process
Assessing Data Sensitivity and Criticality
System Security Plans
Coordinating Security for Interconnected Systems
Minimum Security Baselines and Best Practices
Assessing Risk
Security Procedures
Certification Testing
Remediation Planning
Essential Certification and Accreditation Documentation
Documenting the Accreditation Decision
Certification and Accreditation Case Study
The Future of Certification and Accreditation
Appendices
Certification and Accreditation References
Glossary
Sample Statement of Work
Sample Project Work Plan
Sample Project Kickoff Presentation Outline
Sample Project Wrap-Up Presentation Outline
Sample System Inventory Policy
Sample Business Impact Assessment
Sample Rules of Behavior (General Support System)
Sample Rules of Behavior (Major Application)
Sample System Security Plan Outline
Sample Memorandum of Understanding
Sample Interconnection Security Agreement
Sample Risk Assessment Outline
Sample Security Procedure
Sample Certification Test Results Matrix
Sample Risk Remediation Plan
Sample Certification Statement
Sample Accreditation Letter
Sample Interim Accreditation Letter
| Publication date (per publisher) | 15.12.2005 |
|---|---|
| Series | ISC2 Press |
| Additional information | 43 Tables, black and white; 5 Illustrations, black and white |
| Place of publication | London |
| Language | English |
| Dimensions | 156 x 234 mm |
| Weight | 635 g |
| Subject area | Mathematics / Computer Science ► Computer Science ► Theory / Study |
| ISBN-10 | 0-8493-2062-3 / 0849320623 |
| ISBN-13 | 978-0-8493-2062-0 / 9780849320620 |
| Condition | New |