Security Controls Evaluation, Testing, and Assessment Handbook
Security Controls Evaluation, Testing, and Assessment Handbook provides a current and well-developed approach to evaluation and testing of security controls to prove they are functioning correctly in today's IT systems. This handbook shows you how to evaluate, examine, and test installed security controls in the world of threats and potential breach actions surrounding all industries and systems. If a system is subject to external or internal threats and vulnerabilities - which most are - then this book will provide a useful handbook for how to evaluate the effectiveness of the security controls that are in place. Security Controls Evaluation, Testing, and Assessment Handbook shows you what your security controls are doing and how they are standing up to various inside and outside threats. This handbook provides guidance and techniques for evaluating and testing various computer security controls in IT systems. Author Leighton Johnson shows you how to take FISMA, NIST Guidance, and DOD actions and provide a detailed, hands-on guide to performing assessment events for information security professionals who work with US federal agencies. As of March 2014, all agencies are following the same guidelines under the NIST-based Risk Management Framework. This handbook uses the DOD Knowledge Service and the NIST Families assessment guides as the basis for needs assessment, requirements, and evaluation efforts for all of the security controls. Each of the controls can and should be evaluated in its own unique way, through testing, examination, and key personnel interviews. Each of these methods is discussed. - Provides direction on how to use SP800-53A, SP800-115, DOD Knowledge Service, and the NIST Families assessment guides to implement thorough evaluation efforts for the security controls in your organization. - Learn how to implement proper evaluation, testing, and assessment procedures and methodologies with step-by-step walkthroughs of all key concepts. - Shows you how to implement assessment techniques for each type of control, provide evidence of assessment, and proper reporting techniques.
1132570679
Security Controls Evaluation, Testing, and Assessment Handbook
Security Controls Evaluation, Testing, and Assessment Handbook provides a current and well-developed approach to evaluation and testing of security controls to prove they are functioning correctly in today's IT systems. This handbook shows you how to evaluate, examine, and test installed security controls in the world of threats and potential breach actions surrounding all industries and systems. If a system is subject to external or internal threats and vulnerabilities - which most are - then this book will provide a useful handbook for how to evaluate the effectiveness of the security controls that are in place. Security Controls Evaluation, Testing, and Assessment Handbook shows you what your security controls are doing and how they are standing up to various inside and outside threats. This handbook provides guidance and techniques for evaluating and testing various computer security controls in IT systems. Author Leighton Johnson shows you how to take FISMA, NIST Guidance, and DOD actions and provide a detailed, hands-on guide to performing assessment events for information security professionals who work with US federal agencies. As of March 2014, all agencies are following the same guidelines under the NIST-based Risk Management Framework. This handbook uses the DOD Knowledge Service and the NIST Families assessment guides as the basis for needs assessment, requirements, and evaluation efforts for all of the security controls. Each of the controls can and should be evaluated in its own unique way, through testing, examination, and key personnel interviews. Each of these methods is discussed. - Provides direction on how to use SP800-53A, SP800-115, DOD Knowledge Service, and the NIST Families assessment guides to implement thorough evaluation efforts for the security controls in your organization. - Learn how to implement proper evaluation, testing, and assessment procedures and methodologies with step-by-step walkthroughs of all key concepts. - Shows you how to implement assessment techniques for each type of control, provide evidence of assessment, and proper reporting techniques.
74.95 In Stock
Security Controls Evaluation, Testing, and Assessment Handbook

Security Controls Evaluation, Testing, and Assessment Handbook

by Leighton Johnson
Security Controls Evaluation, Testing, and Assessment Handbook
Add to Wishlist
Security Controls Evaluation, Testing, and Assessment Handbook

Security Controls Evaluation, Testing, and Assessment Handbook

by Leighton Johnson

Overview

Security Controls Evaluation, Testing, and Assessment Handbook provides a current and well-developed approach to evaluation and testing of security controls to prove they are functioning correctly in today's IT systems. This handbook shows you how to evaluate, examine, and test installed security controls in the world of threats and potential breach actions surrounding all industries and systems. If a system is subject to external or internal threats and vulnerabilities - which most are - then this book will provide a useful handbook for how to evaluate the effectiveness of the security controls that are in place. Security Controls Evaluation, Testing, and Assessment Handbook shows you what your security controls are doing and how they are standing up to various inside and outside threats. This handbook provides guidance and techniques for evaluating and testing various computer security controls in IT systems. Author Leighton Johnson shows you how to take FISMA, NIST Guidance, and DOD actions and provide a detailed, hands-on guide to performing assessment events for information security professionals who work with US federal agencies. As of March 2014, all agencies are following the same guidelines under the NIST-based Risk Management Framework. This handbook uses the DOD Knowledge Service and the NIST Families assessment guides as the basis for needs assessment, requirements, and evaluation efforts for all of the security controls. Each of the controls can and should be evaluated in its own unique way, through testing, examination, and key personnel interviews. Each of these methods is discussed. - Provides direction on how to use SP800-53A, SP800-115, DOD Knowledge Service, and the NIST Families assessment guides to implement thorough evaluation efforts for the security controls in your organization. - Learn how to implement proper evaluation, testing, and assessment procedures and methodologies with step-by-step walkthroughs of all key concepts. - Shows you how to implement assessment techniques for each type of control, provide evidence of assessment, and proper reporting techniques.

Product Details

ISBN-13: 9780128025642
Publisher: Syngress Publishing
Publication date: 12/07/2015
Sold by: Barnes & Noble
Format: eBook
Pages: 678
File size: 40 MB
Note: This product may take a few minutes to download.

About the Author

Leighton Johnson, the CTO of ISFMT (Information Security Forensics Management Team), a provider of cybersecurity & forensics consulting and certification training, has presented computer security, cyber security and forensics lectures, conference presentations, training events and seminars all across the United States, Asia and Europe. He has over 40 years' experience in Computer Security, Cyber Security, Software Development and Communications Equipment Operations & Maintenance; Primary focus areas include computer security, information operations & assurance, incident response & forensics investigations, software system development life cycle focused on testing of systems, systems engineering and integration activities, database administration and cyber defense activities.
Leighton Johnson, the CTO of ISFMT (Information Security Forensics Management Team), a provider of cybersecurity & forensics consulting and certification training, has presented computer security, cyber security and forensics lectures, conference presentations, training events and seminars all across the United States, Asia and Europe. He has over 40 years’ experience in Computer Security, Cyber Security, Software Development and Communications Equipment Operations & Maintenance; Primary focus areas include computer security, information operations & assurance, incident response & forensics investigations, software system development life cycle focused on testing of systems, systems engineering and integration activities, database administration and cyber defense activities.

Table of Contents

- Introduction to Assessments - Risk and Security - Statutory & Regulatory GRC - Federal RMF Requirements - Risk Management Framework - SP 800-37, rev.1 - Roles and Responsibilities - Assessment Process - Assessment Methods - Assessment Techniques for each kind of control - Evidence of Assessment - Reporting - Conclusion Appendix A: Templates for RMF documents and artifacts commonly required or requested Appendix B: Templates for RMF Policies and Procedures by Control Family Appendix C: Assessment & Testing Tools

What People are Saying About This

From the Publisher

Understand how to assess and evaluate security controls on your system.

From the B&N Reads Blog
Page 1 of

Related Subjects

Computers
Computers - General & Miscellaneous
Information Systems
Information Technology
Computers * Information Technology
Computers
Computers - General & Miscellaneous
Information Systems
Information Technology
Computers * Information Technology

Customer Reviews