FISMA and the Risk Management Framework
The New Practice of Federal Cyber SecurityBy
- Stephen Gantz, CISSP-ISSAP, CEH, CGEIT, CRISC, CIPP/G, Founder and Principal Architect of SecurityArchitecture.com.
- Daniel Philpott, Daniel Philpott, Federal Information Security Architect, Information Assurance Division of Tantus Technologies
If you are responsible for meeting federal information security requirements such as FISMA, this book is all you need to know to get a system authorized. Now in the first full revision of FISMA since its inception in 2002, a new wave of stronger security measures are now available through the efforts of the Department of Defense, Office of the Directory of National Intelligence, Committee for National Security Systems and the National Institute of Standards and Technology.
Based on the new FISMA requirements for 2011 and beyond, this book catalogs the processes, procedures and specific security recommendations underlying the new Risk Management Framework. Written by an experienced FISMA practitioner, this book presents an effective system of information assurance, real-time risk monitoring and secure configurations for common operating systems.
Information Security Auditors; Information Security Analysts, Penetration Testers, FISMA compliance staff, ST&E contractors, Information Security Engineers
Paperback, 584 Pages
Published: November 2012
Chapter 1: Introduction
Chapter 2: Federal Information Security Fundamentals
Chapter 3: Thinking About RiskChapter 4: Thinking About Systems
Chapter 5: Success FactorsChapter 6: Risk Management Framework Planning and Initiation
Chapter 7: Risk Management Framework Steps 1 & 2Chapter 8: Risk Management Framework Steps 3 & 4
Chapter 9: Risk Management Framework Steps 5 & 6Chapter 10: System Security Plan
Chapter 11: Security Assessment ReportChapter 12: Plan of Action and Milestones
Chapter 13: Risk ManagementChapter 14: Continuous Monitoring
Chapter 15: Contingency PlanningChapter 16: Privacy
Chapter 17: Federal InitiativesAppendix A: References
Appendix B: AcronymsAppendix C: Glossary