Building and Implementing a Security Certification and Accreditation Program: Official (ISC)2 Guide to the CAP CBK / Edition 1 (available in Hardcover)
- Publisher: Taylor & Francis
Building and Implementing a Security Certification and Accreditation Program: Official (ISC)2 Guide to the CAP CBK demonstrates the practicality and effectiveness of certification and accreditation (C&A) as a risk management methodology for IT systems in both public and private organizations. It provides security professionals with an overview of C&A components, enabling them to document the status of the security controls of their IT systems, and learn how to secure systems via standard, repeatable processes.
This book consists of four main sections. It begins with a description of what it takes to build a certification and accreditation program at the organization level, followed by an analysis of various C&A processes and how they interrelate. The text then provides a case study of the successful implementation of certification and accreditation in a major U.S. government department. It concludes by offering a collection of helpful samples in the appendices.
Table of Contents
- Building a Successful Enterprise Certification and Accreditation Program
  - Key Elements of an Enterprise Certification and Accreditation Program
  - Certification and Accreditation Roles and Responsibilities
  - The Certification and Accreditation Life Cycle
  - Why Certification and Accreditation Programs Fail
- Certification and Accreditation Processes
  - Certification and Accreditation Project Planning
  - System Inventory Process
  - Assessing Data Sensitivity and Criticality
  - System Security Plans
  - Coordinating Security for Interconnected Systems
  - Minimum Security Baselines and Best Practices
  - Assessing Risk
  - Security Procedures
  - Certification Testing
  - Remediation Planning
  - Essential Certification and Accreditation Documentation
  - Documenting the Accreditation Decision
- Certification and Accreditation Case Study
- The Future of Certification and Accreditation
- Certification and Accreditation References
- Glossary
- Sample Statement of Work
- Sample Project Work Plan
- Sample Project Kickoff Presentation Outline
- Sample Project Wrap-Up Presentation Outline
- Sample System Inventory Policy
- Sample Business Impact Assessment
- Sample Rules of Behavior (General Support System)
- Sample Rules of Behavior (Major Application)
- Sample System Security Plan Outline
- Sample Memorandum of Understanding
- Sample Interconnection Security Agreement
- Sample Risk Assessment Outline
- Sample Security Procedure
- Sample Certification Test Results Matrix
- Sample Risk Remediation Plan
- Sample Certification Statement
- Sample Accreditation Letter
- Sample Interim Accreditation Letter