By Patrick D. Howard
While many agencies struggle to comply with Federal Information Security Management Act (FISMA) regulations, those that have embraced its requirements have found that their comprehensive and flexible nature provides a sound security risk management framework for implementing essential system security controls. Detailing a proven approach for establishing and implementing a comprehensive information security program, FISMA Principles and Best Practices: Beyond Compliance integrates compliance review, technical monitoring, and remediation efforts to explain how to achieve and maintain compliance with FISMA requirements.
Based on the author's experience developing, implementing, and maintaining enterprise FISMA-based information technology security programs at three major federal agencies, including the U.S. Department of Housing and Urban Development, the book provides workable solutions for establishing and operating an effective security compliance program. It delineates the processes, practices, and principles involved in managing the complexities of FISMA compliance. Describing how FISMA can be used to form the basis for an enterprise security risk management program, the book:
- Provides a comprehensive analysis of FISMA requirements
- Highlights the primary considerations for establishing an effective security compliance program
- Illustrates successful implementation of FISMA requirements with numerous case studies
Clarifying exactly what it takes to gain and maintain FISMA compliance, Pat Howard, CISO of the Nuclear Regulatory Commission, provides detailed guidelines so you can design and staff a compliance capability, build organizational relationships, gain management support, and integrate compliance into the system development life cycle. While there is no such thing as absolute security, this up-to-date resource reflects the important security concepts and practices for addressing the information security requirements mandated for government agencies and for companies subject to those standards.
Additional resources for FISMA Principles and Best Practices: Beyond Compliance
Security Program Management
The chapters in this section of the book support the needs of agency-level security managers and personnel in managing the enterprise information security program. They build on and reinforce key security management concepts. For instance, there is an emphasis on accumulating the information necessary to know the status of the various components of the program and being in a position to share that information in a timely fashion, as well as on having a vision of what is coming in the future, a plan for continuously improving and maturing the program, and a means for keeping it on track through good security management techniques and practices.
Agencies devised plans for conducting annual controls testing that initially aimed at testing all controls of all systems, and the NIST SP 800-26 self-assessment approach was normally used to meet the requirement. NIST then refined its guidance to encourage testing a subset of each system's controls selected according to risk; agencies responded by identifying core controls for annual testing and placing the remaining controls on a biennial or triennial cycle. To lessen the burden of this requirement, certification testing of systems undergoing reaccreditation was also accepted as satisfying it for that year.
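The risk-based rotation described above, worked as an added example (this is not code from the book or its author): a small Python scheduler that tests core controls every year, the remaining controls on a two- or three-year cycle, and treats a reaccreditation year as covering every control. The tier names, the cycle lengths, the sample control identifiers and their last-tested years are all assumptions made for illustration.

```python
"""Risk-based control testing rotation (illustrative, not from the book)."""
from dataclasses import dataclass

# Assumed tiers and cycle lengths: core controls annually, the rest
# biennially or triennially, as the excerpt describes agencies doing.
CYCLE_YEARS = {"core": 1, "moderate": 2, "low": 3}


@dataclass(frozen=True)
class Control:
    control_id: str   # e.g. an SP 800-53 identifier such as "AC-2"
    tier: str         # one of CYCLE_YEARS' keys
    last_tested: int  # fiscal year the control was last tested


def is_due(control: Control, year: int) -> bool:
    """A control is due when its cycle length has elapsed since the last test."""
    if control.tier not in CYCLE_YEARS:
        raise ValueError(f"unknown tier {control.tier!r} for {control.control_id}")
    return year - control.last_tested >= CYCLE_YEARS[control.tier]


def controls_due(controls, year: int, reaccreditation_years=()) -> list:
    """Return sorted IDs of controls to test in `year`.

    If the system is reaccredited that year, certification testing covers
    every control, so all of them are returned regardless of cycle.
    """
    if year in reaccreditation_years:
        return sorted(c.control_id for c in controls)
    return sorted(c.control_id for c in controls if is_due(c, year))


def plan_schedule(controls, start_year: int, end_year: int,
                  reaccreditation_years=()) -> dict:
    """Simulate year by year, recording each test so later cycles are measured
    from the most recent test rather than from the original baseline."""
    state = {c.control_id: c for c in controls}
    schedule = {}
    for year in range(start_year, end_year + 1):
        due = controls_due(state.values(), year, reaccreditation_years)
        schedule[year] = due
        for cid in due:
            c = state[cid]
            state[cid] = Control(c.control_id, c.tier, year)
    return schedule


def longest_gap(schedule: dict, controls) -> dict:
    """Longest number of years any control went untested within the plan,
    starting from its baseline year; useful as a coverage check."""
    gaps = {}
    for c in controls:
        last = c.last_tested
        worst = 0
        for year in sorted(schedule):
            if c.control_id in schedule[year]:
                worst = max(worst, year - last)
                last = year
        gaps[c.control_id] = worst
    return gaps


# Constructed sample catalog: all controls baselined in FY2010.
SAMPLE_CONTROLS = [
    Control("AC-2", "core", 2010),
    Control("AC-17", "core", 2010),
    Control("CP-9", "moderate", 2010),
    Control("PE-3", "low", 2010),
]


if __name__ == "__main__":
    plan = plan_schedule(SAMPLE_CONTROLS, 2011, 2014, reaccreditation_years=(2013,))
    for year, due in plan.items():
        print(year, due)
    print(longest_gap(plan, SAMPLE_CONTROLS))
```

Running the block with a reaccreditation in FY2013 shows the core controls every year, the moderate control in 2012 and again at reaccreditation, and the low-tier control picked up only by the reaccreditation, after which its three-year clock restarts.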
General FISMA Requirements
There are four requirements in this category: establishment of the agency information security program, integration of information security management into agency processes, annual reporting, and availability of trained personnel.
- Information Security Program: Agencies normally meet this requirement by developing and maintaining an agency-wide information security policy document. This policy may be written in varying degrees of detail, but at a minimum it establishes the authority for the program and its related roles and responsibilities.