Implementing cybersecurity : a guide to the National Institute of Standards and Technology Risk Management Framework /
Kohnke, Anne
Implementing cybersecurity : a guide to the National Institute of Standards and Technology Risk Management Framework / by Anne Kohnke, Ken Sigler and Dan Shoemaker - Boca Raton, FL : Auerbach Publications, an imprint of Taylor and Francis, 2017 - 1 online resource (337 pages)
Cover -- Half Title -- Title Page -- Copyright page -- Contents -- Foreword -- Preface -- Why the NIST RMF Is Important -- Practical Benefits of Implementing???the???Risk Management Model -- Who Should Read This Book -- Organization of This Text -- Chapter 1: Introduction to Organizational Security Risk Management -- Chapter 2: Survey of Existing Risk Management Models -- Chapter 3: Step 1???Categorize Information and Information Systems -- Chapter 4: Step 2???Select Security Controls -- Chapter 5: Step 3???Implement Security Controls -- Chapter 6: Step 4???Assess Security Controls -- Chapter 7: Step 5???Authorize Information Systems -- Chapter 8: Step 6???Monitor Security State -- Chapter 9: Practical Application of the NIST RMF -- Appendix: (ISC)2 Certified Authorization Professional (CAP) Certification -- Authors -- Chapter 1: Introduction to Organizational Security Risk Management -- 1.1 Introduction to the Book -- 1.2 Risk Is Inevitable -- 1.3 Strategic Governance and Risk Management -- 1.4 Elements of Risk Management -- 1.5 Risk Types and Risk Handling Strategies -- 1.6 Overview of the Risk Management Process -- 1.7 Chapter Summary -- Glossary -- Chapter 2: Survey of Existing Risk Management Frameworks -- 2.1 Survey of Existing Risk Management Models and Frameworks -- 2.2 Standard Best Practice -- 2.3 Making Risk Management Tangible -- 2.4 Formal Architectures -- 2.5 General Shape of the RMF Process -- 2.6 RMF Implementation -- 2.7 Other Frameworks and Models for Risk Management -- 2.8 International Organization for Standardization 31000:2009 -- 2.9 ISO 31000 Implementation Process: Establishment -- 2.10 COSO Enterprise Risk Management Framework -- 2.11 Health Information Trust Alliance Common Security Framework -- 2.12 Implementing the HITRUST CSF Control Structure -- 2.13 NIST SP 800-30 and NIST SP 800-39 Standards -- 2.14 Chapter Summary -- Glossary -- References -- Chapter 3: Step 1 Categorize Information and Information Systems -- 3.1 Introduction -- 3.2 Security Impact Analysis -- 3.3 FIPS 199, Standards for Security Categorization of Federal Information and Information Systems -- 3.4 CNSSI No. 1253, Security Categorization and Control Selection for National Security Systems -- 3.5 Security Categorization from the Organizational Perspective -- 3.6 Chapter Summary -- References -- Chapter 4: Step 2???Select Security Controls
The book provides the complete strategic understanding requisite to allow a person to create and use the RMF process recommendations for risk management. This will be the case both for applications of the RMF in corporate training situations, as well as for any individual who wants to obtain specialized knowledge in organizational risk management. It is an all-purpose roadmap of sorts aimed at the practical understanding and implementation of the risk management process as a standard entity. It will enable an application of the risk management process as well as the fundamental elements of control formulation within an applied context
9781315229652
Risk management
Computer security
Computer networks
Information technology
COMPUTERS--Networking--General
COMPUTERS--Security--General
005.800
Implementing cybersecurity : a guide to the National Institute of Standards and Technology Risk Management Framework / by Anne Kohnke, Ken Sigler and Dan Shoemaker - Boca Raton, FL : Auerbach Publications, an imprint of Taylor and Francis, 2017 - 1 online resource (337 pages)
Cover -- Half Title -- Title Page -- Copyright page -- Contents -- Foreword -- Preface -- Why the NIST RMF Is Important -- Practical Benefits of Implementing???the???Risk Management Model -- Who Should Read This Book -- Organization of This Text -- Chapter 1: Introduction to Organizational Security Risk Management -- Chapter 2: Survey of Existing Risk Management Models -- Chapter 3: Step 1???Categorize Information and Information Systems -- Chapter 4: Step 2???Select Security Controls -- Chapter 5: Step 3???Implement Security Controls -- Chapter 6: Step 4???Assess Security Controls -- Chapter 7: Step 5???Authorize Information Systems -- Chapter 8: Step 6???Monitor Security State -- Chapter 9: Practical Application of the NIST RMF -- Appendix: (ISC)2 Certified Authorization Professional (CAP) Certification -- Authors -- Chapter 1: Introduction to Organizational Security Risk Management -- 1.1 Introduction to the Book -- 1.2 Risk Is Inevitable -- 1.3 Strategic Governance and Risk Management -- 1.4 Elements of Risk Management -- 1.5 Risk Types and Risk Handling Strategies -- 1.6 Overview of the Risk Management Process -- 1.7 Chapter Summary -- Glossary -- Chapter 2: Survey of Existing Risk Management Frameworks -- 2.1 Survey of Existing Risk Management Models and Frameworks -- 2.2 Standard Best Practice -- 2.3 Making Risk Management Tangible -- 2.4 Formal Architectures -- 2.5 General Shape of the RMF Process -- 2.6 RMF Implementation -- 2.7 Other Frameworks and Models for Risk Management -- 2.8 International Organization for Standardization 31000:2009 -- 2.9 ISO 31000 Implementation Process: Establishment -- 2.10 COSO Enterprise Risk Management Framework -- 2.11 Health Information Trust Alliance Common Security Framework -- 2.12 Implementing the HITRUST CSF Control Structure -- 2.13 NIST SP 800-30 and NIST SP 800-39 Standards -- 2.14 Chapter Summary -- Glossary -- References -- Chapter 3: Step 1 Categorize Information and Information Systems -- 3.1 Introduction -- 3.2 Security Impact Analysis -- 3.3 FIPS 199, Standards for Security Categorization of Federal Information and Information Systems -- 3.4 CNSSI No. 1253, Security Categorization and Control Selection for National Security Systems -- 3.5 Security Categorization from the Organizational Perspective -- 3.6 Chapter Summary -- References -- Chapter 4: Step 2???Select Security Controls
The book provides the complete strategic understanding requisite to allow a person to create and use the RMF process recommendations for risk management. This will be the case both for applications of the RMF in corporate training situations, as well as for any individual who wants to obtain specialized knowledge in organizational risk management. It is an all-purpose roadmap of sorts aimed at the practical understanding and implementation of the risk management process as a standard entity. It will enable an application of the risk management process as well as the fundamental elements of control formulation within an applied context
9781315229652
Risk management
Computer security
Computer networks
Information technology
COMPUTERS--Networking--General
COMPUTERS--Security--General
005.800