000 | 05201cam a2200565Ii 4500 | ||
---|---|---|---|
001 | ocn932016626 | ||
003 | OCoLC | ||
005 | 20190328114813.0 | ||
006 | m o d | ||
007 | cr cnu|||unuuu | ||
008 | 151210t20152016mau o 001 0 eng d | ||
040 |
_aN$T _beng _erda _epn _cN$T _dYDXCP _dOPELS _dN$T _dOCLCF _dCDX _dEBLCP _dIDEBK _dMERUC _dDEBSZ _dIDB _dOCLCQ _dWRM _dU3W _dD6H _dOCLCQ _dCUY _dZCU _dICG _dDKC |
||
019 |
_a932049488 _a935249504 |
||
020 |
_a9780128025642 _q(electronic bk.) |
||
020 |
_a0128025646 _q(electronic bk.) |
||
020 | _z9780128023242 | ||
020 | _z0128023244 | ||
035 |
_a(OCoLC)932016626 _z(OCoLC)932049488 _z(OCoLC)935249504 |
||
050 | 4 | _aHD61 | |
072 | 7 |
_aBUS _x082000 _2bisacsh |
|
072 | 7 |
_aBUS _x041000 _2bisacsh |
|
072 | 7 |
_aBUS _x042000 _2bisacsh |
|
072 | 7 |
_aBUS _x085000 _2bisacsh |
|
082 | 0 | 4 |
_a658.15/5 _223 |
100 | 1 |
_aJohnson, Leighton, _eauthor. |
|
245 | 1 | 0 |
_aSecurity controls evaluation, testing, and assessment handbook / _h[electronic resource] _cLeighton Johnson. |
264 | 1 |
_aWaltham, MA : _bSyngress is an imprint of Elsevier, _c2015. |
|
300 | _a1 online resource | ||
336 |
_atext _btxt _2rdacontent |
||
337 |
_acomputer _bc _2rdamedia |
||
338 |
_aonline resource _bcr _2rdacarrier |
||
500 | _aIncludes index. | ||
588 | 0 | _aOnline resource; title from PDF title page (ScienceDirect, viewed December 16, 2015). | |
505 | 0 | _aCover; Title Page; Copyright Page; Dedication; Contents; Introduction; Section I; Chapter 1 -- Introduction to Assessments; Chapter 2 -- Risk, Security, and Assurance; Risk management; Risk assessments; Security controls; Chapter 3 -- Statutory and Regulatory GRC; Statutory requirements; Privacy Act -- 1974; CFAA -- 1986; ECPA -- 1986; CSA -- 1987; CCA -- 1996; HIPAA -- 1996; EEA -- 1996; GISRA -- 1998; USA PATRIOT Act -- 2001; FISMA -- 2002; Sarbanes-Oxley -- 2002; Health Information Technology for Economic and Clinical Health Act -- 2009; Executive Orders/Presidential Directives. | |
505 | 8 | _aFederal processing standards; FIPS-140 -- Security Requirements for Cryptographic Modules; FIPS-186 -- Digital Signature Standard (DSS); FIPS-190 -- Guideline for the Use of Advanced Authentication Technology Alternatives; FIPS-191 -- Guideline for the Analysis Local Area Network Security; FIPS-199 -- Standards for Security Categorization of Federal Information and Information Systems; FIPS-200 -- Minimum Security Requirements for Federal Information and Information Systems; FIPS-201 -- Personal Identity Verification of Federal Employees and Contractors; Regulatory requirements; DOD; CNSS; HHS. | |
505 | 8 | _aHIPAA Security Rule; HIPAA Privacy Rule; HITECH Breach Reporting; OMB requirements for each agency; References; Chapter 4 -- Federal RMF Requirements; Federal civilian agencies; DOD -- DIACAP -- RMF for DOD IT; IC -- ICD 503; FedRAMP; NIST Cybersecurity Framework; References; Chapter 5 -- Risk Management Framework; Step 1 -- categorization; Step 2 -- selection; Step 3 -- implementation; Step 4 -- assessment; Step 5 -- authorization; Step 6 -- monitoring; Continuous Monitoring for Current Systems; Chapter 6 -- Roles and Responsibilities; Organizational roles; White House; Congress; OMB; NIST; CNSS; NSA. | |
505 | 8 | _aNIAP; DHS; DOD; Individual roles; System Owner; Authorizing Official; Information System Security Officer; Information System Security Engineer; Security Architect; Common Control Provider; Authorizing Official Designated Representative; Information Owner/Steward; Risk Executive (Function); User Representative; Agency Head; Security Control Assessor; Senior Information Security Officer; Chief Information Officer; DOD roles; Section II; Introduction; Chapter -- 7 -- Assessment Process; Focus; Guidance; SP 800-53A; RMF Step 4 -- Assess Security Controls; SP 800-115; RMF Knowledge Service. | |
505 | 8 | _aISO 27001/27002; Chapter -- 8 -- Assessment Methods; Evaluation methods and their attributes; Processes; Interviews; Examinations; Observations; Document Reviews; Testing; Automated; Manual; Chapter -- 9 -- Assessment Techniques for Each Kind of Control; Security assessment plan developmental process; Security assessment actions; Security controls by family; Chapter -- 10 -- System and Network Assessments; 800-115 introduction; Assessment techniques; Network testing purpose and scope; ACL Reviews; System-Defined Reviews; Testing roles and responsibilities; Security testing techniques. | |
504 | _aIncludes bibliographical references and index. | ||
650 | 0 | _aRisk management. | |
650 | 7 |
_aBUSINESS & ECONOMICS _xIndustrial Management. _2bisacsh |
|
650 | 7 |
_aBUSINESS & ECONOMICS _xManagement. _2bisacsh |
|
650 | 7 |
_aBUSINESS & ECONOMICS _xManagement Science. _2bisacsh |
|
650 | 7 |
_aBUSINESS & ECONOMICS _xOrganizational Behavior. _2bisacsh |
|
650 | 7 |
_aRisk management. _2fast _0(OCoLC)fst01098164 |
|
655 | 4 | _aElectronic books. | |
655 | 7 |
_aElectronic books. _2lcgft |
|
776 | 0 | 8 |
_iPrint version: _aJohnson, Leighton. _tSecurity Controls Evaluation, Testing, and Assessment Handbook. _dSaint Louis, MO : Elsevier Science, ©2015 _z9780128023242 |
856 | 4 | 0 |
_3ScienceDirect _uhttp://www.sciencedirect.com/science/book/9780128023242 |
999 |
_c247248 _d247248 |