Official (ISC)2 ® Guide to the CAP ® CBK ® - ISC2 Press (Hardback)Patrick D. Howard (author)
- We can order this
Significant developments since the publication of its bestselling predecessor, Building and Implementing a Security Certification and Accreditation Program, warrant an updated text as well as an updated title. Reflecting recent updates to the Certified Authorization Professional (CAP ®) Common Body of Knowledge (CBK ®) and NIST SP 800-37, the Official (ISC)2 ® Guide to the CAP ® CBK ®, Second Edition provides readers with the tools to effectively secure their IT systems via standard, repeatable processes.
Derived from the author's decades of experience, including time as the CISO for the Nuclear Regulatory Commission, the Department of Housing and Urban Development, and the National Science Foundation's Antarctic Support Contract, the book describes what it takes to build a system security authorization program at the organizational level in both public and private organizations. It analyzes the full range of system security authorization (formerly C&A) processes and explains how they interrelate. Outlining a user-friendly approach for top-down implementation of IT security, the book:
Details an approach that simplifies the authorization process, yet still satisfies current federal government criteriaExplains how to combine disparate processes into a unified risk management methodologyCovers all the topics included in the Certified Authorization Professional (CAP ®) Common Body of Knowledge (CBK ®)Examines U.S. federal polices, including DITSCAP, NIACAP, CNSS, NIAP, DoD 8500.1 and 8500.2, and NIST FIPSReviews the tasks involved in certifying and accrediting U.S. government information systems
Chapters 1 through 7 describe each of the domains of the (ISC)2 ® CAP ® CBK ®. This is followed by a case study on the establishment of a successful system authorization program in a major U.S. government department. The final chapter considers the future of system authorization. The book's appendices include a collection of helpful samples and additional information to provide you with the tools to effectively secure your IT systems.
Publisher: Taylor & Francis Ltd
Number of pages: 462
Weight: 943 g
Dimensions: 248 x 171 x 28 mm
Edition: 2nd New edition
Praise for the popular first edition:
This book focuses on the processes that must be employed by an organization to establish a certification and accreditation program based on current federal government criteria... Pat has structured this book to address the key issues in certification and accreditation, including roles and responsibilities, the life cycle, and even a discussion of pitfalls to avoid. As with all of Pat's work, he provides the reader with practical information on what works and what does not ... Even if government certification and accreditation is not your concern, the new ISO 27002 (formerly ISO17799) will require all of us to look for a process to make certification and accreditation bearable. Pat has succeeded in doing just that with this practical and readable book.
-Thomas R. Peltier, Peltier Associates, Member of the ISSA Hall of Fame