Description
Howard provides information on certification and accreditation guidelines for information technology security that parallel federal government criteria, which can also be used by non-government organizations. He describes building a program, important elements, roles and responsibilities, the certification and accreditation cycle, and reasons for program failure. He then discusses planning, system inventory, data sensitivity and criticality, interconnected systems, baselines, risk, procedures, testing, remediation, documentation, and concludes with a case study of a US government department. Twenty appendices contain sample forms, outlines, and rules. There is no bibliography. The book is aimed at information system security officers, security managers, certifiers, and developers. Howard is the first chief information security officer at the US Department of Housing and Urban Development. Distributed by CRC. Annotation ©2006 Book News, Inc., Portland, OR (booknews.com)
Read More
Building and Implementing a Security Certification and Accreditation Program: Official (ISC)2 Guide to the CAP CBK demonstrates the practicality and effectiveness of certification and accreditation (C&A) as a risk management methodology for IT systems in both public and private organizations. It provides security professionals with an overview of C&A components, enabling them to document the status of the security controls of their IT systems, and learn how to secure systems via standard, repeatable processes. This book consists of four main sections. It begins with a description of what it takes to build a certification and accreditation program at the organization level, followed by an analysis of various C&A processes and how they interrelate. The text then provides a case study of the successful implementation of certification and accreditation in a major U.S. government department. It concludes by offering a collection of helpful samples in the appendices.
Read Less