Sale!

Official ISC 2 guide to the CISSP CBK 2nd Edition by Patrick Howard 9781466576032 1466576030

Original price was: $50.00.Current price is: $35.00.

Official ISC 2 guide to the CISSP CBK 2nd ed Edition Baker Digital Instant Download

Author(s): Baker, Paul; Tipton, Harold F
ISBN(s): 9781439809600, 1439809607
Edition: 2nd ed
File Details: PDF, 7.04 MB
Year: 2010
Language: english
SKU: EB-5101476 Category: Tags: , , ,

Official ISC 2 guide to the CISSP CBK 2nd Edition by Patrick Howard – Ebook PDF Instant Download/Delivery: 9781466576032, 1466576030
Full download Official ISC 2 guide to the CISSP CBK 2nd Edition  after payment

Product details:

ISBN 10: 1466576030
ISBN 13: 9781466576032 
Author: Patrick D. Howard

Significant developments since the publication of its bestselling predecessor, Building and Implementing a Security Certification and Accreditation Program, warrant an updated text as well as an updated title. Reflecting recent updates to the Certified Authorization Professional (CAP) Common Body of Knowledge (CBK) and NIST SP 800-37, the Official.

Official ISC 2 guide to the CISSP CBK 2nd Table of contents:

Chapter 1: Security Authorization of Information Systems

  • Introduction
  • Legal and Regulatory Framework for System Authorization
  • External Program Drivers
  • System-Level Security
  • Defining System Authorization
  • Resistance to System Authorization
  • Benefits of System Authorization
  • Key Elements of an Enterprise System Authorization Program
    • The Business Case
    • Goal Setting
    • Tasks and Milestones
    • Program Oversight
    • Visibility
    • Resources
    • Program Guidance
    • Special Issues
    • Program Integration
    • System Authorization Points of Contact
    • Measuring Progress
    • Managing Program Activities
    • Monitoring Compliance
    • Providing Advice and Assistance
    • Responding to Changes
    • Program Awareness, Training, and Education
    • Using Expert Systems
    • Waivers and Exceptions
  • NIST Special Publication 800-37, Revision 1, and the Application of the Risk Management Framework to Systems
    • Overview
    • Authority and Scope
    • Purpose and Applicability
    • Target Audience
  • Fundamentals of Information System Risk Management According to NIST SP 800-37, Revision 1
    • Guidance on Organization-Wide Risk Management
      • Organization Level (Tier 1)
      • Mission/Business Process Level (Tier 2)
      • Information System Level (Tier 3)
    • Guidance on Risk Management in the System Development Life Cycle
    • NIST’s Risk Management Framework
    • Guidance on System Boundary Definition
    • Guidance on Software Application Boundaries
    • Guidance on Complex Systems
    • Guidance on the Impact of Technological Changes on System Boundaries
    • Guidance on Dynamic Subsystems
    • Guidance on External Subsystems
    • Guidance on Security Control Allocation
    • Guidance on Applying the Risk Management Framework
    • Summary of NIST Guidance
  • System Authorization Roles and Responsibilities
    • Primary Roles and Responsibilities
    • Other Roles and Responsibilities
    • Additional Roles and Responsibilities from NIST SP 800-37, Revision 1
    • Documenting Roles and Responsibilities
      • Job Descriptions
      • Position Sensitivity Designations
      • Personnel Transition
      • Time Requirements
      • Expertise Requirements
      • Using Contractors
      • Routine Duties
      • Organizational Skills
      • Organizational Placement of the System Authorization Function
  • The System Authorization Life Cycle
    • Initiation Phase
    • Acquisition/Development Phase
    • Implementation Phase
    • Operations/Maintenance Phase
    • Disposition Phase
  • Challenges to Implementation
    • Why System Authorization Programs Fail
    • Program Scope
    • Assessment Focus
    • Short-Term Thinking
    • Long-Term Thinking
    • Poor Planning
    • Lack of Responsibility
    • Excessive Paperwork
    • Lack of Enforcement
    • Lack of Foresight
    • Poor Timing
    • Lack of Support
  • System Authorization Project Planning
    • Planning Factors
    • Dealing with People
    • Team Member Selection
    • Scope Definition
    • Assumptions
    • Risks
    • Project Agreements
    • Project Team Guidelines
    • Administrative Requirements
    • Reporting
    • Other Tasks
    • Project Kickoff
  • Wrap-Up
  • Observations
  • The System Inventory Process
    • Responsibility
    • System Identification
    • Small Systems
    • Complex Systems
    • Combining Systems
    • Accreditation Boundaries
    • The Process
    • Validation
    • Inventory Information
    • Inventory Tools
    • Using the Inventory
    • Maintenance
    • Observations
    • Interconnected Systems
    • The Solution
  • Agreements in the System Authorization Process
    • Trust Relationships
    • Initiation
    • Time Issues
    • Exceptions
    • Maintaining Agreements

Chapter 2: Information System Categorization

  • Introduction
  • Defining Sensitivity
    • Data Sensitivity and System Sensitivity
    • Sensitivity Assessment Process
    • Data Classification Approaches
    • Responsibility for Data Sensitivity Assessment
    • Ranking Data Sensitivity
    • National Security Information
  • Criticality
    • Criticality Assessment
    • Criticality in the View of the System Owner
    • Ranking Criticality
    • Changes in Criticality and Sensitivity
  • NIST Guidance on System Categorization
    • Task 1-1: Categorize and Document the Information System
    • Task 1-2: Describe the Information System
    • Task 1-3: Register the Information System

Chapter 3: Establishment of the Security Control Baseline

  • Introduction
  • Minimum Security Baselines and Best Practices
  • Security Controls
    • Levels of Controls
    • Selecting Baseline Controls
    • Use of the Minimum Security Baseline Set
    • Common Controls
  • Observations
  • Assessing Risk
    • Background
    • Risk Assessment in System Authorization
    • The Risk Assessment Process
      • Step 1: System Characterization
      • Step 2: Threat Identification
      • Step 3: Vulnerability Identification
      • Step 4: Control Analysis
      • Step 5: Likelihood Determination
      • Step 6: Impact Analysis
      • Step 7: Risk Determination
      • Step 8: Control Recommendations
      • Step 9: Results Documentation
    • Conducting the Risk Assessment
    • Risk Categorization
    • Documenting Risk Assessment Results
    • Using the Risk Assessment
  • Overview of NIST Special Publication 800-30, Revision 1
  • Observations
  • System Security Plans
    • Applicability
    • Responsibility
    • Plan Contents
    • What a Security Plan Is Not
    • Plan Initiation
    • Information Sources
    • Security Plan Development Tools
    • Plan Format
    • Plan Approval
    • Plan Maintenance
    • Plan Security
    • Plan Metrics
    • Resistance to Security Planning
  • Observations
  • NIST Guidance on Security Controls Selection
    • Task 2-1: Identify Common Controls
    • Task 2-2: Select Security Controls
    • Task 2-3: Develop Monitoring Strategy
    • Task 2-4: Approve Security Plan

Chapter 4: Application of Security Controls

  • Introduction
  • Security Procedures
    • Purpose
    • The Problem with Procedures
    • Responsibility
    • Procedure Templates
    • Process for Developing Procedures
    • Style

People also search for Official ISC 2 guide to the CISSP CBK 2nd :

the official (isc)2 guide to the cissp cbk reference
    
official isc 2 guide to the cissp cbk 3rd edition
    
official isc 2 guide to the cissp cbk 4th edition
    
official isc 2 guide to the cissp cbk fifth edition

Tags:

Patrick Howard,Official,ISC 2 guide