Security Controls Evaluation, Testing, and Assessment Handbook. Edition No. 2


Book
November 2019
Elsevier Science and Technology
ID: 4759550

Security Controls Evaluation, Testing, and Assessment Handbook, Second Edition, provides a current and well-developed approach to evaluate and test IT security controls to prove they are functioning correctly. This handbook discusses the world of threats and potential breach actions surrounding all industries and systems. Sections cover how to take FISMA, NIST Guidance, and DOD actions, while also providing a detailed, hands-on guide to performing assessment events for information security professionals in US federal agencies. This handbook uses the DOD Knowledge Service and the NIST Families assessment guides as the basis for needs assessment, requirements and evaluation efforts.

Please Note: This is an On Demand product, delivery may take up to 11 working days after payment has been received.

1. Introduction to Assessments2. Risk and Security3. Statutory & Regulatory GRC4. Federal RMF Requirements5. Risk Management Framework SP 800-37, rev.16. Roles and Responsibilities7. Assessment Process8. Assessment Methods9. Assessment Techniques for each kind of control10. System and Network Assessments11. Security Components Fundamentals12. Cybersecurity Controls13. CUI Controls14. Evidence of Assessment15. Reporting16. Conclusion

AppendixA. Templates for RMF documents and artifacts commonly required or requestedB. Templates for RMF Policies and Procedures by Control FamilyC. Assessment and Testing Tools

Authors

Leighton Johnson CTO and Senior Security Engineer for Information Security and Forensics Management Team (ISFMT). Leighton Johnson, the CTO of ISFMT (Information Security Forensics Management Team), a provider of cybersecurity & forensics consulting and certification training, has presented computer security, cyber security and forensics lectures, conference presentations, training events and seminars all across the United States, Asia and Europe. He has over 40 years' experience in Computer Security, Cyber Security, Software Development and Communications Equipment Operations & Maintenance; Primary focus areas include computer security, information operations & assurance, incident response & forensics investigations, software system development life cycle focused on testing of systems, systems engineering and integration activities, database administration and cyber defense activities.

Table of Contents

Authors

Related Topics

Related Products

Penetration Testing - Market Share Analysis, Industry Trends & Statistics, Growth Forecasts 2019 - 2029

Security Testing - Market Share Analysis, Industry Trends & Statistics, Growth Forecasts 2019 - 2029

Cyber Security in Energy Sector Market By Component, By Deployment Model, By Enterprise Size, By End User: Global Opportunity Analysis and Industry Forecast, 2023-2032

Network Forensics Market Report by Component, Organization Size, Deployment Mode, Application, End Use Industry, and Region 2024-2032

Global Next-generation Firewall Market by Offering (Hardware, Software, Services), Deployment Mode (On-premises, Cloud/Virtual), Organization Size (Large Enterprises, SMEs), Vertical (BFSI, Government, Other Verticals) and Region - Forecast to 2028