Index

Front matter
  • Cover image
  • Title page
  • Table of Contents
  • Copyright
  • Dedication
  • Author Acknowledgments
  • About the Author
  • Foreword

Chapter 1. FISMA Compliance Overview
  • Abstract
  • Topics in this chapter
  • Introduction
  • Terminology
  • Processes and paperwork
  • Templates streamline the process
  • FISMA oversight and governance
  • Supporting government security regulations
  • Summary
  • References

Chapter 2. FISMA Trickles into the Private Sector
  • Abstract
  • Topics in this chapter
  • Introduction and authorities
  • Inspector General reports
  • What should NGOs do regarding FISMA?
  • FISMA compliance tools
  • Summary

Chapter 3. FISMA Compliance Methodologies
  • Abstract
  • Topics in this chapter
  • Introduction
  • The NIST risk management framework (RMF)
  • Defense information assurance C&A process (DIACAP)
  • Department of defense (DoD) risk management framework (RMF)
  • ICD 503 and DCID 6/3
  • The common denominator of FISMA compliance methodologies
  • FISMA compliance for private enterprises
  • Legacy methodologies
  • Summary
  • Notes

Chapter 4. Understanding the FISMA Compliance Process
  • Abstract
  • Topics in this chapter
  • Introduction
  • Recognizing the need for FISMA compliance
  • Roles and responsibilities
  • Stepping through the process
  • FISMA project management
  • Summary

Chapter 5. Establishing a FISMA Compliance Program
  • Abstract
  • Topics in this chapter
  • Introduction
  • Compliance handbook development
  • Create a standardized security assessment process
  • Provide package delivery instructions
  • Authority and endorsement
  • Improve your compliance program each year
  • Problems of not having a compliance program
  • Summary

Chapter 6. Getting Started on Your FISMA Project
  • Abstract
  • Topics in this chapter
  • Introduction
  • Initiate your project
  • Analyze your research
  • Develop the documents
  • Verify your information
  • Retain your ethics
  • Summary

Chapter 7. Preparing the Hardware and Software Inventory
  • Abstract
  • Topics in this chapter
  • Introduction
  • Determining the system boundaries
  • Collecting the inventory information
  • Structure of inventory information
  • Delivery of inventory document
  • Summary

Chapter 8. Categorizing Data Sensitivity
  • Abstract
  • Topics in this chapter
  • Introduction
  • Heed this warning before you start
  • Confidentiality, Integrity, and Availability
  • Template for FIPS 199 Profile
  • The explanatory memo
  • National Security Systems
  • Summary

Chapter 9. Addressing Security Awareness and Training
  • Abstract
  • Topics in this chapter
  • Introduction and authorities
  • Purpose of security awareness and training
  • Elements of the security awareness and training plan
  • Specialized security training
  • Security awareness
  • The awareness and training message
  • Security awareness and training checklist
  • Security awareness course evaluation
  • Summary
  • Reference

Chapter 10. Addressing Rules of Behavior
  • Abstract
  • Topics in this chapter
  • Introduction
  • Implementing Rules of Behavior
  • Rules for internal and external users
  • What rules to include
  • Consequences of noncompliance
  • Rules of Behavior checklist
  • Summary

Chapter 11. Developing an Incident Response Plan
  • Abstract
  • Topics in this chapter
  • Introduction
  • Purpose and applicability
  • Policies, procedures, and guidelines
  • Reporting framework
  • Roles and responsibilities
  • Definitions
  • Incident handling
  • Forensic investigations
  • Incident types
  • Incident Response Plan checklist
  • Security Incident Reporting Form
  • Summary
  • Additional resources
  • Incident response organizations
  • Books on incident response
  • Articles and papers on incident response

Chapter 12. Conducting a Privacy Impact Assessment
  • Abstract
  • Topics in this chapter
  • Introduction
  • Privacy laws, regulations, and rights
  • OMB Memoranda with privacy implications
  • Laws and regulations
  • When to conduct a PIA?
  • Questions for a privacy impact assessment
  • Personally identifiable information (PII)
  • Persistent tracking technologies
  • Decommissioning of PII
  • System of record notice (SORN)
  • Posting the privacy policy
  • PIA checklist
  • Summary
  • Books on privacy
  • References

Chapter 13. Preparing the Business Impact Analysis
  • Abstract
  • Topics in this chapter
  • Introduction
  • Terminology
  • Document actual recovery times
  • Establish relative recovery priorities
  • Define escalation thresholds
  • Record license keys
  • BIA Organization
  • Summary
  • Additional resources

Chapter 14. Developing the Contingency Plan
  • Abstract
  • Topics in this chapter
  • Introduction
  • List assumptions
  • Concept of operations
  • Roles and responsibilities
  • Levels of disruption
  • Procedures
  • Line of succession
  • Service-Level Agreements
  • Contact lists
  • Testing the Contingency Plan
  • Appendices
  • Contingency Plan checklist
  • Additional resources

Chapter 15. Developing a Configuration Management Plan
  • Abstract
  • Topics in this chapter
  • Introduction
  • Establish definitions
  • Describe assets controlled by the plan
  • Describe the configuration management system
  • Define roles and responsibilities
  • Describe baselines
  • Change control process
  • Configuration management audit
  • Configuration and change management tools
  • Configuration Management Plan checklist
  • Summary
  • Additional resources

Chapter 16. Preparing the System Security Plan
  • Abstract
  • Topics in this chapter
  • Introduction
  • Laws, regulations, and policies
  • The system description
  • Security controls and requirements
  • Management controls
  • Operational controls
  • Technical controls
  • ISSO appointment letter
  • System security plan checklist
  • Summary
  • Additional resources
  • Note

Chapter 17. Performing the Business Risk Assessment
  • Abstract
  • Topics in this chapter
  • Introduction
  • Determine the mission
  • Create a mission map
  • Construct risk statements
  • Describe the sensitivity model
  • Quantitative risk assessment
  • Qualitative versus quantitative risk assessment
  • Make an informed decision
  • Summary
  • Books and articles on risk assessment
  • References

Chapter 18. Getting Ready for Security Testing
  • Abstract
  • Topics in this chapter
  • Introduction and authorities
  • Planning
  • Scoping
  • Assumptions and constraints
  • Schedule
  • Rules of Engagement
  • Limitation of Liability
  • End of testing
  • Summary
  • Additional resources

Chapter 19. Submitting the Security Package
  • Abstract
  • Topics in this chapter
  • Introduction
  • Structure of documents
  • Who puts the package together?
  • Markings and format
  • Signature pages
  • A word about “Not Applicable” information
  • Submission and revision
  • Defending the Security Package
  • Checklist
  • Summary
  • Additional resources

Chapter 20. Independent Assessor Audit Guide
  • Abstract
  • Topics in this chapter
  • Introduction
  • Test against the System’s security control baseline
  • How does confidentiality, integrity, and availability fit in?
  • Manual and automated testing
  • Security testing tools
  • Infrastructure scanners
  • Evaluations by Inspector Generals
  • Evaluations by the Government Accountability Office
  • Summary

Chapter 21. Developing the Security Assessment Report
  • Abstract
  • Topics in this chapter
  • Introduction
  • Analysis of test results
  • Risk assessment methodology
  • Present the risks
  • Checklist
  • Make decisions
  • Certification
  • Authority to operate
  • Interim authority to operate
  • Summary
  • Additional resources

Chapter 22. Addressing FISMA Findings
  • Abstract
  • Topics in this chapter
  • Introduction
  • POA&Ms
  • Development and approval
  • POA&M elements
  • A word to the wise
  • Checklist
  • Summary

Chapter 23. FedRAMP: FISMA for the Cloud
  • Abstract
  • Topics in this chapter
  • Introduction
  • What is cloud computing?
  • Looking at virtual machines another way
  • Sharding
  • Content delivery networks
  • FedRAMP security independent assessors
  • FedRAMP security assessments
  • The great value of FedRAMP
  • FedRAMP organization
  • Summary
  • Resources

Appendix A. FISMA
  • Title III—Information Security

Appendix B. OMB Circular A-130 Appendix III
  • Security of federal automated information resources

Appendix C. FIPS 199
  • Foreword
  • Authority
  • Table of contents
  • 1 Purpose
  • 2 Applicability
  • 3 Categorization of information and information systems
  • APPENDIX A Terms and definitions
  • APPENDIX B References

Index