Risk management framework: a lab-based approach to securing information systems
The RMF allows an organization to develop an organization-wide risk framework that reduces the resources required to authorize a system's operation. Use of the RMF will help organizations maintain compliance with not only FISMA and OMB requirements but can also be tailored to meet other compliance r...
Main author: | |
---|---|
Format: | E-book |
Language: | English |
Published: | Amsterdam ; Boston : Elsevier/Syngress c2013. Waltham, MA : 2013. |
Edition: | 1st edition |
Collection: | Gale eBooks |
Subjects: | |
View at Universitat Ramon Llull Library: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009627887506719 |
Table of Contents:
- Front Cover; Risk Management Framework: A Lab-Based Approach to Securing Information Systems; Copyright; Dedication; Acknowledgments; About the Author; Technical Editor; Contents; Companion Website; Chapter 1: Introduction; Book Overview and Key Learning Points; Book Audience; The Risk Management Framework (RMF); Why This Book Is Different; A Note about National Security Systems; Book Organization; Part 1; Chapter 2: Laws, Regulations, and Guidance; Chapter Overview and Key Learning Points; The Case for Legal and Regulatory Requirements; Legal and Regulatory Organizations
- Orders Issued by the President of the United States of America; Office of Management and Budget (OMB); National Institute of Standards and Technology (NIST); Committee on National Security Systems (CNSS); Office of the Director of National Intelligence (ODNI); Department of Defense (DoD); Laws, Policies, and Regulations; Privacy Act of 1974 (updated in 2004); Transmittal Memorandum No. 4, Management of Federal Information Resources, OMB A-130 (December, 1985); Information Technology Management Reform Act of 1996 (Clinger-Cohen Act)
- Health Insurance Portability and Accountability Act of 1996 (HIPAA); Financial Services Modernization Act of 1999 (Gramm-Leach-Bliley Act); Privacy Policies and Data Collection on Federal Web Sites, OMB M-00-13 (June, 2000); Executive Order 13231, Critical Infrastructure Protection in the Information Age, (October, 2001); Guidance for Preparing and Submitting Security Plans of Action and Milestones, OMB M-02-01 (October, 2001); Federal Information Security Management Act of 2002 (FISMA); HSPD 7, Critical Infrastructure Identification, Prioritization, and Protection (December, 2003)
- Health Information Technology for Economic and Critical Health (HITECH) Act of 2009; Policy on Information Assurance Risk Management for National Security Systems (CNSSP 22. January, 2012); Security Categorization and Control Selection for National Security Systems (CNSSI 1253, Version 2. March, 2012); National Institute of Standards and Technology (NIST) Publications; Federal Information Processing Standards (FIPS) and Special Publications (SP); FIPS 199; FIPS 200; NIST SP 300-39; SP 300-37; SP 800-60; SP 800-53; SP 800-53A; SP 800-18; SP 800-70; SP 800-59
- Chapter 3: Integrated Organization-Wide Risk Management; Chapter Overview and Key Learning Points; Risk Management; Risk Management and the RMF; Components of Risk Management; Framing the Risk; Risk Assessment; Risk Response; Monitoring Risk; Multi-tiered Risk Management; Tier 1, Organizational Risk Management; Tier 2, Mission/Business Processes; Tier 3, Information System; Risk Executive (Function); Chapter 4: The Joint Task Force Transformation Initiative; Chapter Overview and Key Learning Points; Before the Joint Task Force Transformation Initiative; Federal Information Systems
- Military and Defense Systems