FISMA Principles and Best Practices: Beyond Compliance / Edition 1

Hardcover (Print)
Used and New from Other Sellers
Used and New from Other Sellers
from $71.32
Usually ships in 1-2 business days
(Save 10%)
Other sellers (Hardcover)
  • All (9) from $71.32   
  • New (7) from $71.32   
  • Used (2) from $84.37   


While many agencies struggle to comply with Federal Information Security Management Act (FISMA) regulations, those that have embraced its requirements have found that their comprehensive and flexible nature provides a sound security risk management framework for the implementation of essential system security controls. Detailing a proven approach for establishing and implementing a comprehensive information security program, FISMA Principles and Best Practices: Beyond Compliance integrates compliance review, technical monitoring, and remediation efforts to explain how to achieve and maintain compliance with FISMA requirements.

Based on the author’s experience developing, implementing, and maintaining enterprise FISMA-based information technology security programs at three major federal agencies, including the U.S. Department of Housing and Urban Development, the book gives you workable solutions for establishing and operating an effective security compliance program. It delineates the processes, practices, and principles involved in managing the complexities of FISMA compliance. Describing how FISMA can be used to form the basis for an enterprise security risk management program, the book:

  • Provides a comprehensive analysis of FISMA requirements
  • Highlights the primary considerations for establishing an effective security compliance program
  • Illustrates successful implementation of FISMA requirements with numerous case studies

Clarifying exactly what it takes to gain and maintain FISMA compliance, Pat Howard, CISO of the Nuclear Regulatory Commission, provides detailed guidelines so you can design and staff a compliance capability, build organizational relationships, gain management support, and integrate compliance into the system development life cycle. While there is no such thing as absolute protection, this up-to-date resource reflects the important security concepts and ideas for addressing information security requirements mandated for government agencies and companies subject to these standards.

Read More Show Less

Product Details

  • ISBN-13: 9781420078299
  • Publisher: CRC Press
  • Publication date: 4/19/2011
  • Edition description: New Edition
  • Edition number: 1
  • Pages: 345
  • Sales rank: 944,340
  • Product dimensions: 6.30 (w) x 9.20 (h) x 1.00 (d)

Meet the Author

Patrick D. Howard has over 38 years of experience in the security industry, and has worked in the computer security field for the past 23 years. Mr. Howard has served as the Chief Information Security Officer at the Nuclear Regulatory Commission since March 17, 2008, and is responsible for managing NRC’s enterprise-wide information security program. Prior to joining NRC, Mr. Howard was employed at the Department of Housing and Urban Development for 3 years, where he served as HUD’s Chief Information Security Officer and managed the Department’s enterprise-wide information technology security program.

Mr. Howard led HUD to a first ever "A+" score on Congress’ 2006 FISMA Report Card and was recognized as a 2007 Fed 100 winner for his accomplishments in government information technology. Prior to joining HUD, Mr. Howard was employed by the Titan Corporation supporting the Department of Transportation where he served as the Department’s Certification and Accreditation Program Manager. Mr. Howard is co-author of the Total CISSP Exam Prep Book, and author of Building and Implementing a Security Certification and Accreditation Program.

Mr. Howard received a bachelor’s degree in History from the University of Oklahoma and an master's degree in International Relations from Boston University. He is a Certified Information Systems Security Professional (CISSP) and a Certified Information Security Manager (CISM). He is a member of the American Council for Technology/Industry Advisory Council (ACT/IAC) InfoSec and Privacy Shared Interest Group Government Advisory Panel and the International Information Systems Security Certification Consortium’s Government Advisory Board and the Executive Writer’s Bureau, which he chairs. Mr. Howard is also an adjunct professor of Information Assurance at Walsh College, Troy, Michigan.

Read More Show Less

Table of Contents

Analysis of the Federal Information Security Management Act (FISMA)
Principles of FISMA Reporting

Managing FISMA Compliance
Management Support The Information Security Organization Staffing Considerations Program Planning Developing Policy and Guidance Training and Awareness Audit Liaison Monitoring Mechanisms Life-Cycle Issues Outreach


The FISMA Legislation OMB FISMA Reporting Guidelines OMB FISMA FY10 Reporting Questionnaires Consensus Audit Guidelines Bibliography


Read More Show Less

Customer Reviews

Be the first to write a review
( 0 )
Rating Distribution

5 Star


4 Star


3 Star


2 Star


1 Star


Your Rating:

Your Name: Create a Pen Name or

Barnes & Review Rules

Our reader reviews allow you to share your comments on titles you liked, or didn't, with others. By submitting an online review, you are representing to Barnes & that all information contained in your review is original and accurate in all respects, and that the submission of such content by you and the posting of such content by Barnes & does not and will not violate the rights of any third party. Please follow the rules below to help ensure that your review can be posted.

Reviews by Our Customers Under the Age of 13

We highly value and respect everyone's opinion concerning the titles we offer. However, we cannot allow persons under the age of 13 to have accounts at or to post customer reviews. Please see our Terms of Use for more details.

What to exclude from your review:

Please do not write about reviews, commentary, or information posted on the product page. If you see any errors in the information on the product page, please send us an email.

Reviews should not contain any of the following:

  • - HTML tags, profanity, obscenities, vulgarities, or comments that defame anyone
  • - Time-sensitive information such as tour dates, signings, lectures, etc.
  • - Single-word reviews. Other people will read your review to discover why you liked or didn't like the title. Be descriptive.
  • - Comments focusing on the author or that may ruin the ending for others
  • - Phone numbers, addresses, URLs
  • - Pricing and availability information or alternative ordering information
  • - Advertisements or commercial solicitation


  • - By submitting a review, you grant to Barnes & and its sublicensees the royalty-free, perpetual, irrevocable right and license to use the review in accordance with the Barnes & Terms of Use.
  • - Barnes & reserves the right not to post any review -- particularly those that do not follow the terms and conditions of these Rules. Barnes & also reserves the right to remove any review at any time without notice.
  • - See Terms of Use for other conditions and disclaimers.
Search for Products You'd Like to Recommend

Recommend other products that relate to your review. Just search for them below and share!

Create a Pen Name

Your Pen Name is your unique identity on It will appear on the reviews you write and other website activities. Your Pen Name cannot be edited, changed or deleted once submitted.

Your Pen Name can be any combination of alphanumeric characters (plus - and _), and must be at least two characters long.

Continue Anonymously

    If you find inappropriate content, please report it to Barnes & Noble
    Why is this product inappropriate?
    Comments (optional)