FISMA Principles and Best Practices: Beyond Compliance, 1st Edition, by Patrick Howard
Product details:
ISBN 10: 1420078305
ISBN 13: 9781466508347
Author: Patrick D. Howard
While many agencies struggle to comply with Federal Information Security Management Act (FISMA) regulations, those that have embraced its requirements have found that their comprehensive and flexible nature provides a sound security risk management framework for the implementation of essential system security controls.
Table of contents:
Part I Introduction
Chapter 1 Analysis of the Federal Information Security Management Act (FISMA)
Agency-Level FISMA Requirements
Purposes
Federal Agency Responsibilities
Agency-Level Information Security Programs
Agency Reporting
Annual Independent Evaluation
National Security Systems
FISMA Requirements Case Study
General FISMA Requirements
Requirements for Senior Agency Officials
Requirements for CIOs
Information Security Program Requirements
Potential Changes
Conclusions
Chapter 2 Principles of FISMA Reporting
Annual Reporting
Quarterly Reporting
Report Preparation
Weaknesses in FISMA Reporting
Recent Improvements
Conclusions
Part II Managing FISMA Compliance
Security Risk Management
Security Program Management
Critical Tasks for Information Security Program Management
Chapter 3 Management Support
CISO Characteristics
CIO Support
Senior Executive Support
Support of Business Unit Leaders
Support of Security and IT Specialists
Support of System Owners
Support of Project Managers and Supervisors
Support from Other Managers
Nature of Support
Support in System Operation
Support in Acquisitions
Support in System Authorization
Summary
Chapter 4 The Information Security Organization
FISMA Requirements for the Information Security Function
Defining Requirements
Organizational Placement
Functional Capabilities
Formalization of the Organization
Organizational Compliance Roles
The System Owner Role
The ISSO Framework
Authorizing Official Framework
Organizing to Communicate
Traits of an Effective Information Security Organization
Independence
Authority
Compliance Organization Operations
Contractor Support
Scope
Summary
Chapter 5 Staffing Considerations
Key Qualities
Staffing to Meet Compliance Objectives
Job Descriptions
Hiring
Working with Contractors
Managing Security Compliance Personnel
Staffing Other Positions
Summary
Chapter 6 Program Planning
Information Security Program Design and Development
The Information Security Strategic Plan
Implementing the Plan
Measuring Performance
Related Plans
Other Planning Considerations
Summary
Chapter 7 Developing Policy and Guidance
Security Policy Considerations
Supporting Security Documentation
Rules of Behavior
System Authorization Process
System Categorization Process
Contingency Planning Process
Security Impact Assessment Process
Other Considerations
Conclusions
Chapter 8 Training and Awareness
New User Training
Refresher Awareness Training
Topical Training
Role-Based Training
Security Team Professionalization
The CISO as Chief Security Trainer
Training Methods
Best Practices for Training and Awareness
Summary
Chapter 9 Audit Liaison
Audit Preparation
Kicking Off the Audit
During the Audit
The Audit Report
Conclusion
Chapter 10 Monitoring Mechanisms
Compliance Review Process
Annual Controls Testing
Monitoring in Real Time
Remediation Tracking
Other Monitoring Activities
Conclusion
Chapter 11 Life-Cycle Issues
The CISO Role
Information Technology Governance
Requirements Definition Phase Issues
Development/Acquisition Phase Issues
Operation and Maintenance Phase Issues
Providing Project Support
Conclusion
Chapter 12 Outreach
Why the Need for Outreach?
Building Relationships
Best Practices
CISO Awareness
Information Sharing
Preparing for Outreach
Summary
Part III Summary
Negative Effects of FISMA
Improvements Resulting from FISMA
FISMA and the Future