FISMA and the Risk Management Framework The New Practice of Federal Cyber Security
Chapter 1: Introduction
Chapter 2: Federal Information Security Fundamentals
Chapter 3: Thinking About Risk
Chapter 4: Thinking About Systems
Chapter 5: Success Factors
Chapter 6: Risk Management Framework Planning and Initiation
Chapter 7: Risk Management Framework Steps 1 & 2
Chapter 8: Risk Management Framework Steps 3 & 4
Chapter 9: Risk Management Framework Steps 5 & 6
Chapter 10: System Security Plan
Chapter 11: Security Assessment Report
Chapter 12: Plan of Action and Milestones
Chapter 13: Risk Management
Chapter 14: Continuous Monitoring
Chapter 15: Contingency Planning
Chapter 16: Privacy
Chapter 17: Federal Initiatives
Appendix A: References
Appendix B: Acronyms
Appendix C: Glossary
Index
Information Security Auditors; Information Security Analysts, Penetration Testers, FISMA compliance staff, ST&E contractors, Information Security Engineers
Dan is a respected information security practitioner specializing in Federal information security needs including FISMA, Cybersecurity, SCAP, FDCC, HSPD-12, risk management, governance, cloud computing, social media and web application security. He is founder of the FISMApedia.org wiki and FISMA Arts training project. You can find his comments and analysis at Guerilla-CISO.com and ArielSilverstone.com, where he is a guest blogger. As a sought after public speaker on Federal information security he is frequently featured in interviews and articles by a variety of security news sources and podcasts.
Dan started his career in IT at age 13, beta testing display terminals at ProType Corporation. Since that time he has held a variety of positions in the field. While often working on security issues (cryptography, host hardening, network hardening, resilient architectures and application security) he made information security his career in 1998 during his work at National Institute of Standards and Technology. In the Federal space he has worked with the National Institutes of Health, Department of Commerce Technology Administration, U.S. Agency for International Development and NIST. Having experienced Federal information security before and after FISMA he is a strong proponent of the changes FISMA has brought about.
Approaching information security with a strong focus on effective reduction of risk, Dan brings an technical and operational security perspective to the theory and practice of FISMA compliance. His long experience in the IT security field provides his Federal clients with depth of knowledge and a diverse skill set encompassing compliance, governance, practice, technology and risk management.
Stephen Gantz (CISSP-ISSAP, CEH, CGEIT, CRISC, CIPP/G
- Learn how to build a robust, near real-time risk management system and comply with FISMA
- Discover the changes to FISMA compliance and beyond
- Gain your systems the authorization they need
Date de parution : 12-2012
Ouvrage de 584 p.
19x23.4 cm