
Risk Management Framework
A Lab-Based Approach to Securing Information Systems
Description
Key Features
- A comprehensive case study from initiation to decommission and disposal
- Detailed explanations of the complete RMF process and its linkage to the SDLC
- Hands on exercises to reinforce topics
- Complete linkage of the RMF to all applicable laws, regulations and publications as never seen before
Readership
Information Security professionals of all levels, systems administrators, information technology leaders, network administrators, information auditors, security managers, and an academic audience among information assurance majors
Table of Contents
Dedication
Acknowledgments
About the Author
Technical Editor
Companion Website
Chapter 1: Introduction
Book Overview And Key Learning PointsBook Audience
The Risk Management Framework (RMF)
Why This Book Is Different
A Note About National Security Systems
Book Organization
Part 1
Introduction
Chapter 2: Laws, Regulations, and Guidance
AbstractChapter Overview And Key Learning Points
The Case For Legal And Regulatory Requirements
Legal And Regulatory Organizations
Laws, Policies, And Regulations
National Institute Of Standards And Technology (NIST) Publications
Chapter 3: Integrated Organization-Wide Risk Management
AbstractChapter Overview And Key Learning Points
Risk Management
Risk Management And The RMF
Components Of Risk Management
Multi-Tiered Risk Management
Risk Executive (Function)
Chapter 4: The Joint Task Force Transformation Initiative
AbstractChapter Overview And Key Learning Points
Before The Joint Task Force Transformation Initiative
The Joint Task Force Transformation Initiative
Chapter 5: System Development Life Cycle (SDLC)
AbstractSystem Development Life Cycle (SDLC)
Traditional Systems Development Life Cycle (SDLC)
Traditional SDLC Considerations
Agile System Development
Chapter 6: Transitioning from the C&A Process to RMF
AbstractChapter Overview And Key Learning Points
C&A To RMF
The Certification And Accreditation (C&A) Process
Introducing The RMF (A High-Level View)
Transition
Chapter 7: Key Positions and Roles
AbstractChapter Overview And Key Learning Points
Key Roles To Implement The RMF
Part 2
Introduction
Chapter 8: Lab Organization
AbstractChapter Overview And Key Learning Points
The Department Of Social Media (DSM)
Organizational Structure
Risk Executive (Function)
Chapter 9: RMF Phase 1: Categorize the Information System
AbstractChapter Overview And Key Learning Points
Phase 1, Task 1: Security Categorization
Phase 1, Task 2: Information Systems Description
Common Control Providers
Phase 1, Task 3: Information System Registration
Chapter 9 Lab Exercises: Information System Categorization
Chapter 10: RMF Phase 2: Selecting Security Controls
AbstractChapter Overview And Key Learning Points
Selecting Security Controls
Chapter 10 Lab Exercises: Selecting Security Controls
Chapter 11: RMF Phase 3: Implementing Security Controls
AbstractChapter Overview And Key Learning Points
Phase 3, Task 1: Security Control Implementation
Phase 3, Task 2: Security Control Documentation
Chapter 11 Lab Exercises: Selecting Security Controls
Chapter 12: RMF Phase 4: Assess Security Controls
AbstractChapter Overview And Key Learning Points
Assessing Security Controls
Chapter 12 Lab Exercises: Assessing Security Controls
Chapter 13: RMF Phase 5: Authorizing the Information System
AbstractChapter Overview And Key Learning Points
Phase 5, Task 1: Developing The Plan Of Action And Milestones (POA&M)
Phase 5, Task 2: Assembly Of The Authorization Package
Phase 5, Task 3: Determining Risk
Phase 5, Task 4: Accepting Risk
Chapter 13 Lab Exercises: Authorizing The Information System
Chapter 14: RMF Phase 6: Monitoring Security Controls
AbstractChapter Overview And Key Learning Points
Phase 6, Task 1: Monitoring Information System And Environment Changes
Phase 6, Task 2: Ongoing Security Control Assessment
Phase 6, Task 3: Ongoing Remediation Actions
Phase 6, Task 4: Updating The Security Documentation
Phase 6, Task 5: Security Status Reporting
Phase 6, Task 6: Ongoing Risk Determination And Acceptance
Phase 6, Task 7: System Removal And Decommissioning
Chapter 14 Lab Exercises: Monitoring Security Controls
Chapter 15: The Expansion of the RMF
AbstractChapter Overview And Key Learning Points
The Transition To The RMF
Future Updates To The RMF Process
Using The RMF With Other Control Sets And Requirements
Conclusion
Appendix A: Answers to Exercises in Chapters 9 through 14
Chapter 9Chapter 10
Chapter 11
Chapter 12
Chapter 13
Chapter 14
Appendix B: Control Families and Classes
Appendix C: Security Control Assessment Requirements
NIST SP 800-53A Assessment MethodsSecurity Control Baseline Categorization
CNSSI 1253 Baseline Categorization
New Controls Planned In Revision 4
FedRAMP Controls
SP 800-53 Security Controls To HIPAA Security Rule
PCI DSS Standards
Appendix D: Assessment Method Definitions, Applicable Objects, and Attributes
Glossary
Common Acronyms in this Book
References
Index
Product details
- No. of pages: 316
- Language: English
- Copyright: © Syngress 2013
- Published: July 3, 2013
- Imprint: Syngress
- eBook ISBN: 9780124047235
- Paperback ISBN: 9781597499958