Read more
Zusatztext Praise for the popular first edition:This book focuses on the processes that must be employed by an organization to establish a certification and accreditation program based on current federal government criteria? Pat has structured this book to address the key issues in certification and accreditation! including roles and responsibilities! the life cycle! and even a discussion of pitfalls to avoid. As with all of Pat's work! he provides the reader with practical information on what works and what does not ? Even if government certification and accreditation is not your concern! the new ISO 27002 (formerly ISO17799) will require all of us to look for a process to make certification and accreditation bearable. Pat has succeeded in doing just that with this practical and readable book.-Thomas R. Peltier! Peltier Associates! Member of the ISSA Hall of Fame Informationen zum Autor Patrick D. Howard, CISSP, CISM, is a senior consultant for SecureInfo, a Kratos Company. He has over 40 years experience in security, including 20 years service as a U.S. Army Military Police officer, and has specialized in information security since 1989. Mr. Howard began his service as the Chief Information Security Officer for the National Science Foundation’s Antarctic Support Contract in Centennial, Colorado in March 2012. He previously served as CISO for the Nuclear Regulatory Commission in Rockville, Maryland from 2008–2012, and for the Department of Housing and Urban Development from 2005–2008. Mr. Howard was named a Fed 100 winner in 2007, and is the author of three information security books: The Total CISSP Exam Prep Book , 2002; Building and Implementing a Security Certification and Accreditation Program , 2006; and Beyond Compliance: FISMA Principles and Best Practices , 2011. He is a member of the International Information Systems Security Certification Consortium’s Government Advisory Board and Executive Writer’s Bureau, which he chairs. Mr. Howard is also an adjunct professor of Information Assurance at Walsh College, Troy Michigan. He graduated with a Bachelor’s degree from the University of Oklahoma in 1971 and a Master’s degree from Boston University in 1984. Klappentext Building and Implementing a Security Certification and Accreditation Program: Official (ISC)2 Guide to the CAP CBK demonstrates the practicality and effectiveness of certification and accreditation (C&A) as a risk management methodology for IT systems in both public and private organizations. It provides security professionals with an overview of C&A components, enabling them to document the status of the security controls of their IT systems, and learn how to secure systems via standard, repeatable processes. This book consists of four main sections. It begins with a description of what it takes to build a certification and accreditation program at the organization level, followed by an analysis of various C&A processes and how they interrelate. The text then provides a case study of the successful implementation of certification and accreditation in a major U.S. government department. It concludes by offering a collection of helpful samples in the appendices. Zusammenfassung Demonstrates the effectiveness of certification and accreditation as a risk management methodology for IT systems in public and private organizations. This work provides security professionals with an overview of C&A components, showing them how to document the status of IT security controls and secure systems via standard, repeatable processes. Inhaltsverzeichnis Building a Successful Enterprise Certification and Accreditation Program. Certification and Accreditation Processes. Certification and Accreditation Case Study. The Future of Certification and Accreditation....
