
Building and Implementing a Security Certification and Accreditation Program
OFFICIAL (ISC)2 GUIDE to the CAP CBK
Patrick D. Howard (Author)
Auerbach (Publisher)
1st Edition
Published on 15 December 2005
Book
Hardback
344 pages
978-0-8493-2062-0 (ISBN)
Out of print; check for reprint
Description
Building and Implementing a Security Certification and Accreditation Program: Official (ISC)2 Guide to the CAP CBK demonstrates the practicality and effectiveness of certification and accreditation (C&A) as a risk management methodology for IT systems in both public and private organizations. It provides security professionals with an overview of C&A components, enabling them to document the status of the security controls of their IT systems, and learn how to secure systems via standard, repeatable processes. This book consists of four main sections. It begins with a description of what it takes to build a certification and accreditation program at the organization level, followed by an analysis of various C&A processes and how they interrelate. The text then provides a case study of the successful implementation of certification and accreditation in a major U.S. government department. It concludes by offering a collection of helpful samples in the appendices.
More details
Language
English
Place of publication
London
United Kingdom
Publishing group
Taylor & Francis Ltd
Target group
Professional and scholarly
Enterprise information security managers and staff, security professionals, IT auditors, Infosec consultants
Illustrations
43 Tables, black and white; 5 Illustrations, black and white
Dimensions
Height: 234 mm
Width: 156 mm
Weight
635 gr
ISBN-13
978-0-8493-2062-0 (9780849320620)
Other editions
Patrick D. Howard
Official (ISC)2® Guide to the CAP® CBK®
Book
07/2012
2nd Edition
Taylor & Francis
€104.50
Contents
Building a Successful Enterprise Certification and Accreditation Program
Key Elements of an Enterprise Certification and Accreditation Program
Certification and Accreditation Roles and Responsibilities
The Certification and Accreditation Life Cycle
Why Certification and Accreditation Programs Fail
Certification and Accreditation Processes
Certification and Accreditation Project Planning
System Inventory Process
Assessing Data Sensitivity and Criticality
System Security Plans
Coordinating Security for Interconnected Systems
Minimum Security Baselines and Best Practices
Assessing Risk
Security Procedures
Certification Testing
Remediation Planning
Essential Certification and Accreditation Documentation
Documenting the Accreditation Decision
Certification and Accreditation Case Study
The Future of Certification and Accreditation
Appendices
Certification and Accreditation References
Glossary
Sample Statement of Work
Sample Project Work Plan
Sample Project Kickoff Presentation Outline
Sample Project Wrap-Up Presentation Outline
Sample System Inventory Policy
Sample Business Impact Assessment
Sample Rules of Behavior (General Support System)
Sample Rules of Behavior (Major Application)
Sample System Security Plan Outline
Sample Memorandum of Understanding
Sample Interconnection Security Agreement
Sample Risk Assessment Outline
Sample Security Procedure
Sample Certification Test Results Matrix
Sample Risk Remediation Plan
Sample Certification Statement
Sample Accreditation Letter
Sample Interim Accreditation Letter