Edition: 1
Authors: Steinberg, Joseph; Tipton, Harold F.
Series: (ISC)2 Press
ISBN: 9781420094435, 9781420094442
Publisher: CRC Press
Year of publication: 2011
Pages: 454
Language: English
File format: PDF (converted to PDF, EPUB or AZW3 at the user's request)
File size: 3 MB
Keywords for the book Official (ISC)2® Guide to the ISSMP® CBK®: Computer architecture -- Examinations -- Study guides; Computer networks -- Examinations -- Study guides; Computer security -- Examinations -- Study guides; Electronic data processing personnel -- Certification.
If you need the file of Official (ISC)2® Guide to the ISSMP® CBK® converted to PDF, EPUB, AZW3, MOBI or DJVU, you can notify support to have the file converted.
Note that Official (ISC)2® Guide to the ISSMP® CBK® is the original-language edition, not a Persian translation. The International Library website offers original-language books only and does not provide any book translated into or written in Persian.
Contents:
Security Authorization of Information Systems
Introduction
Legal and Regulatory Framework for System Authorization
External Program Drivers
System-Level Security
Defining System Authorization
Resistance to System Authorization
Benefits of System Authorization
Key Elements of an Enterprise System Authorization Program
The Business Case
Goal Setting
Tasks and Milestones
Program Oversight
Visibility
Resources
Program Guidance
Special Issues
Program Integration
System Authorization Points of Contact
Measuring Progress
Managing Program Activities
Monitoring Compliance
Providing Advice and Assistance
Responding to Changes
Program Awareness, Training, and Education
Using Expert Systems
Waivers and Exceptions
NIST Special Publication 800-37, Revision 1, and the Application of the Risk Management Framework to Systems
Overview
Authority and Scope
Purpose and Applicability
Target Audience
Fundamentals of Information System Risk Management According to NIST SP 800-37, Revision 1
Guidance on Organization-Wide Risk Management
Organization Level (Tier 1)
Mission/Business Process Level (Tier 2)
Information System Level (Tier 3)
Guidance on Risk Management in the System Development Life Cycle
NIST's Risk Management Framework
Guidance on System Boundary Definition
Guidance on Software Application Boundaries
Guidance on Complex Systems
Guidance on the Impact of Technological Changes on System Boundaries
Guidance on Dynamic Subsystems
Guidance on External Subsystems
Guidance on Security Control Allocation
Guidance on Applying the Risk Management Framework
Summary of NIST Guidance
System Authorization Roles and Responsibilities
Primary Roles and Responsibilities
Other Roles and Responsibilities
Additional Roles and Responsibilities from NIST SP 800-37, Revision 1
Documenting Roles and Responsibilities
Job Descriptions
Position Sensitivity Designations
Personnel Transition
Time Requirements
Expertise Requirements
Using Contractors
Routine Duties
Organizational Skills
Organizational Placement of the System Authorization Function
The System Authorization Life Cycle
Initiation Phase
Acquisition/Development Phase
Implementation Phase
Operations/Maintenance Phase
Disposition Phase
Challenges to Implementation
Why System Authorization Programs Fail
Program Scope
Assessment Focus
Short-Term Thinking
Long-Term Thinking
Poor Planning
Lack of Responsibility
Excessive Paperwork
Lack of Enforcement
Lack of Foresight
Poor Timing
Lack of Support
System Authorization Project Planning
Planning Factors
Dealing with People
Team Member Selection
Scope Definition
Assumptions
Risks
Project Agreements
Project Team Guidelines
Administrative Requirements
Reporting
Other Tasks
Project Kickoff
Wrap-Up
Observations
The System Inventory Process
Responsibility
System Identification
Small Systems
Complex Systems
Combining Systems
Accreditation Boundaries
The Process
Validation
Inventory Information
Inventory Tools
Using the Inventory
Maintenance
Observations
Interconnected Systems
The Solution
Agreements in the System Authorization Process
Trust Relationships
Initiation
Time Issues
Exceptions
Maintaining Agreements
Security Authorization of Information Systems: Review Questions
Information System Categorization
Introduction
Defining Sensitivity
Data Sensitivity and System Sensitivity
Sensitivity Assessment Process
Data Classification Approaches
Responsibility for Data Sensitivity Assessment
Ranking Data Sensitivity
National Security Information
Criticality
Criticality Assessment
Criticality in the View of the System Owner
Ranking Criticality
Changes in Criticality and Sensitivity
NIST Guidance on System Categorization
Task 1-1: Categorize and Document the Information System
Task 1-2: Describe the Information System
Task 1-3: Register the Information System
Information System Categorization: Review Questions
Establishment of the Security Control Baseline
Introduction
Minimum Security Baselines and Best Practices
Security Controls
Levels of Controls
Selecting Baseline Controls
Use of the Minimum Security Baseline Set
Common Controls
Observations
Assessing Risk
Background
Risk Assessment in System Authorization
The Risk Assessment Process
Step 1: System Characterization
Step 2: Threat Identification
Step 3: Vulnerability Identification
Step 4: Control Analysis
Step 5: Likelihood Determination
Step 6: Impact Analysis
Step 7: Risk Determination
Step 8: Control Recommendations
Step 9: Results Documentation
Conducting the Risk Assessment
Risk Categorization
Documenting Risk Assessment Results
Using the Risk Assessment
Overview of NIST Special Publication 800-30, Revision 1
Observations
System Security Plans
Applicability
Responsibility
Plan Contents
What a Security Plan Is Not
Plan Initiation
Information Sources
Security Plan Development Tools
Plan Format
Plan Approval
Plan Maintenance
Plan Security
Plan Metrics
Resistance to Security Planning
Observations
NIST Guidance on Security Controls Selection
Task 2-1: Identify Common Controls
Task 2-2: Select Security Controls
Task 2-3: Develop Monitoring Strategy
Task 2-4: Approve Security Plan
Establishment of the Security Control Baseline: Review Questions
Application of Security Controls
Introduction
Security Procedures
Purpose
The Problem with Procedures
Responsibility
Procedure Templates
Process for Developing Procedures
Style
Formatting
Access
Maintenance
Common Procedures
Procedures in the System Authorization Process
Observations
Remediation Planning
Managing Risk
Applicability of the Remediation Plan
Responsibility for the Plan
Risk Remediation Plan Scope
Plan Format
Using the Plan
When to Create the Plan
Risk Mitigation Meetings
Observations
NIST Guidance on Implementation of Security Controls
Task 3-1: Implement Security Controls
Task 3-2: Document Security Control Implementation
Application of Security Controls: Review Questions
Assessment of Security Controls
Introduction
Scope of Testing
Level of Effort
Assessor Independence
Developing the Test Plan
The Role of the Host
Test Execution
Documenting Test Results
NIST Guidance on Assessment of Security Control Effectiveness
Task 4-1: Prepare for Controls Assessment
Task 4-2: Assess Security Controls
Task 4-3: Prepare Security Assessment Report
Task 4-4: Conduct Remediation Actions
Assessment of Security Controls: Review Questions
Information System Authorization
Introduction
System Authorization Decision Making
The System Authorization Authority
Authorization Timing
The Authorization Letter
Authorization Decisions
Designation of Approving Authorities
Approving Authority Qualifications
Authorization Decision Process
Actions Following Authorization
Observations
Essential System Authorization Documentation
Authority
System Authorization Package Contents
Excluded Documentation
The Certification Statement
Transmittal Letter
Administration
Observations
NIST Guidance on Authorization of Information Systems
Task 5-1: Prepare Plan of Action and Milestones
Task 5-2: Prepare Security Authorization Package
Task 5-3: Conduct Risk Determination
Task 5-4: Perform Risk Acceptance
Security Controls Monitoring
Introduction
Continuous Monitoring
Configuration Management/Configuration Control
Security Controls Monitoring
Status Reporting and Documentation
Key Roles in Continuous Monitoring
Reaccreditation Decision
NIST Guidance on Ongoing Monitoring of Security Controls and Security State of the Information System
Task 6-1: Analyze Impact of Information System and Environment Changes
Task 6-2: Conduct Ongoing Security Control Assessments
Task 6-3: Perform Ongoing Remediation Actions
Task 6-4: Perform Key Updates
Task 6-5: Report Security Status
Task 6-6: Perform Ongoing Risk Determination and Acceptance
Task 6-7: Information System Removal and Decommissioning
Security Controls Monitoring: Review Questions
System Authorization Case Study
Situation
Action Plan
Lessons Learned
Tools
Document Templates
Coordination
Role of the Inspector General
Compliance Monitoring
Measuring Success
Project Milestones
Interim Accreditation
Management Support and Focus
Results and Future Challenges
The Future of Information System Authorization
Appendix A: References
Appendix B: Glossary
Appendix C: Sample Statement of Work
Appendix D: Sample Project Work Plan
Appendix E: Sample Project Kickoff Presentation Outline
Appendix F: Sample Project Wrap-Up Presentation Outline
Appendix G: Sample System Inventory Policy
Appendix H: Sample Business Impact Assessment
Appendix I: Sample Rules of Behavior (General Support System)
Appendix J: Sample Rules of Behavior (Major Application)
Appendix K: Sample System Security Plan Outline
Appendix L: Sample Memorandum of Understanding
Appendix M: Sample Interconnection Security Agreement
Appendix N: Sample Risk Assessment Outline
Appendix O: Sample Security Procedure
Appendix P: Sample Certification Test Results Matrix
Appendix Q: Sample Risk Remediation Plan
Appendix R: Sample Certification Statement
Appendix S: Sample Accreditation Letter
Appendix T: Sample Interim Accreditation Letter
Appendix U: Certification and Accreditation Professional (CAP(R)) Common Body of Knowledge (CBK(R))
Appendix V: Answers to Review Questions