Building and Implementing a Risk Management Framework Program

En savoir plus sur le livre

Providing an overview of certification and accreditation, the second edition demonstrates the effectiveness of C&A as a risk management methodology for IT systems in public and private organizations. It enables readers to document the status of their security controls and learn how to secure IT systems via standard, repeatable processes. The text describes what it takes to build a certification and accreditation program at the organization level and analyzes various C&A processes and how they interrelate. A case study illustrates the successful implementation of certification and accreditation in a major U.S. government department. Inhaltsverzeichnis 1. Security Authorization of Information Systems Introduction. 2. Information System Categorization. 3. Establishment of the Security Control Baseline. 4. Application of Security Controls. 5. Assessment of Security Controls. 6. Information System Authorization. 7. Security Controls Monitoring. 8. System Authorization Case Study. 9. The Future of Information System Authorization. Appendixes.