Freshly Printed - allow 10 days lead
Couldn't load pickup availability
Risk Management Framework
A Lab-Based Approach to Securing Information Systems
Learn how to implement the Risk Management Framework through a comprehensive case study and hands on lab-based approach
James Broad (Author)
9781597499958, Elsevier Science
Paperback / softback, published 29 August 2013
316 pages, 30 illustrations
23.5 x 19 x 2.1 cm, 0.48 kg
"Writing for technical, administrative, and management professionals within the US government, information security consultant Broad explains the basics of the risk management framework as it pertains to the systems development life cycle of federal information technology systems, and suggests how to use this information during the development, assessment, and continuous monitoring of those systems." --Reference & Research Book News, December 2013
The RMF allows an organization to develop an organization-wide risk framework that reduces the resources required to authorize a systems operation. Use of the RMF will help organizations maintain compliance with not only FISMA and OMB requirements but can also be tailored to meet other compliance requirements such as Payment Card Industry (PCI) or Sarbanes Oxley (SOX). With the publishing of NIST SP 800-37 in 2010 and the move of the Intelligence Community and Department of Defense to modified versions of this process, clear implementation guidance is needed to help individuals correctly implement this process. No other publication covers this topic in the detail provided in this book or provides hands-on exercises that will enforce the topics. Examples in the book follow a fictitious organization through the RMF, allowing the reader to follow the development of proper compliance measures. Templates provided in the book allow readers to quickly implement the RMF in their organization. The need for this book continues to expand as government and non-governmental organizations build their security programs around the RMF. The companion website provides access to all of the documents, templates and examples needed to not only understand the RMF but also implement this process in the reader’s own organization.
Introduction Laws, Regulation and Guidance The Joint Task Force Transformation Initiative Key Positions and Roles Transition from the Four-Phase Certification and Accreditation Cycle The RMF Integrated Organization-Wide Risk Management Lab Organization Phase 1: System Categorization Phase 2: Control Selection Phase 3: Control Implementation Phase 4: Control Assessment Phase 5: System Authorization Phase 6: Continuous Monitoring Use of RMF in Other Environments Future Planned Changes Use with Other Compliance Requirements Appendices
Subject Areas: Computer security [UR]
