| 000 | 04092cmm a2200325 a 4500 | ||
|---|---|---|---|
| 001 | 46932 | ||
| 003 | IN-BdCUP | ||
| 005 | 20230426175606.0 | ||
| 008 | 230426s2023 u eng | ||
| 020 | _a9781315229652 | ||
| 040 |
_beng _cIN-BdCUP |
||
| 041 | _aeng | ||
| 082 | _a005.800 | ||
| 100 | _aKohnke, Anne | ||
| 245 | 0 |
_aImplementing cybersecurity : _ba guide to the National Institute of Standards and Technology Risk Management Framework / _cby Anne Kohnke, Ken Sigler and Dan Shoemaker |
|
| 260 |
_aBoca Raton, FL : _bAuerbach Publications, an imprint of Taylor and Francis, _c2017 |
||
| 300 | _a1 online resource (337 pages) | ||
| 505 | _aCover -- Half Title -- Title Page -- Copyright page -- Contents -- Foreword -- Preface -- Why the NIST RMF Is Important -- Practical Benefits of Implementing???the???Risk Management Model -- Who Should Read This Book -- Organization of This Text -- Chapter 1: Introduction to Organizational Security Risk Management -- Chapter 2: Survey of Existing Risk Management Models -- Chapter 3: Step 1???Categorize Information and Information Systems -- Chapter 4: Step 2???Select Security Controls -- Chapter 5: Step 3???Implement Security Controls -- Chapter 6: Step 4???Assess Security Controls -- Chapter 7: Step 5???Authorize Information Systems -- Chapter 8: Step 6???Monitor Security State -- Chapter 9: Practical Application of the NIST RMF -- Appendix: (ISC)2 Certified Authorization Professional (CAP) Certification -- Authors -- Chapter 1: Introduction to Organizational Security Risk Management -- 1.1 Introduction to the Book -- 1.2 Risk Is Inevitable -- 1.3 Strategic Governance and Risk Management -- 1.4 Elements of Risk Management -- 1.5 Risk Types and Risk Handling Strategies -- 1.6 Overview of the Risk Management Process -- 1.7 Chapter Summary -- Glossary -- Chapter 2: Survey of Existing Risk Management Frameworks -- 2.1 Survey of Existing Risk Management Models and Frameworks -- 2.2 Standard Best Practice -- 2.3 Making Risk Management Tangible -- 2.4 Formal Architectures -- 2.5 General Shape of the RMF Process -- 2.6 RMF Implementation -- 2.7 Other Frameworks and Models for Risk Management -- 2.8 International Organization for Standardization 31000:2009 -- 2.9 ISO 31000 Implementation Process: Establishment -- 2.10 COSO Enterprise Risk Management Framework -- 2.11 Health Information Trust Alliance Common Security Framework -- 2.12 Implementing the HITRUST CSF Control Structure -- 2.13 NIST SP 800-30 and NIST SP 800-39 Standards -- 2.14 Chapter Summary -- Glossary -- References -- Chapter 3: Step 1 Categorize Information and Information Systems -- 3.1 Introduction -- 3.2 Security Impact Analysis -- 3.3 FIPS 199, Standards for Security Categorization of Federal Information and Information Systems -- 3.4 CNSSI No. 1253, Security Categorization and Control Selection for National Security Systems -- 3.5 Security Categorization from the Organizational Perspective -- 3.6 Chapter Summary -- References -- Chapter 4: Step 2???Select Security Controls | ||
| 520 | _aThe book provides the complete strategic understanding requisite to allow a person to create and use the RMF process recommendations for risk management. This will be the case both for applications of the RMF in corporate training situations, as well as for any individual who wants to obtain specialized knowledge in organizational risk management. It is an all-purpose roadmap of sorts aimed at the practical understanding and implementation of the risk management process as a standard entity. It will enable an application of the risk management process as well as the fundamental elements of control formulation within an applied context | ||
| 650 | _aRisk management | ||
| 650 | _aComputer security | ||
| 650 | _aComputer networks | ||
| 650 | _aInformation technology | ||
| 650 | _aCOMPUTERS--Networking--General | ||
| 650 | _aCOMPUTERS--Security--General | ||
| 700 | _aSigler, Ken | ||
| 700 | _aShoemaker, Dan | ||
| 856 |
_3Electronic Book Resource _uhttps://www.taylorfrancis.com/books/9781315229652 |
||
| 942 |
_2ddc _cE |
||
| 999 |
_c48942 _d48942 |
||