FISMA and the Risk Management Framework

FISMA and the Risk Management Framework
Author :
Publisher : Newnes
Total Pages : 585
Release :
ISBN-10 : 9781597496421
ISBN-13 : 1597496421
Rating : 4/5 (21 Downloads)

Synopsis FISMA and the Risk Management Framework by : Daniel R. Philpott

FISMA and the Risk Management Framework: The New Practice of Federal Cyber Security deals with the Federal Information Security Management Act (FISMA), a law that provides the framework for securing information systems and managing risk associated with information resources in federal government agencies. Comprised of 17 chapters, the book explains the FISMA legislation and its provisions, strengths and limitations, as well as the expectations and obligations of federal agencies subject to FISMA. It also discusses the processes and activities necessary to implement effective information security management following the passage of FISMA, and it describes the National Institute of Standards and Technology's Risk Management Framework. The book looks at how information assurance, risk management, and information systems security is practiced in federal government agencies; the three primary documents that make up the security authorization package: system security plan, security assessment report, and plan of action and milestones; and federal information security-management requirements and initiatives not explicitly covered by FISMA. This book will be helpful to security officers, risk managers, system owners, IT managers, contractors, consultants, service providers, and others involved in securing, managing, or overseeing federal information systems, as well as the mission functions and business processes supported by those systems. - Learn how to build a robust, near real-time risk management system and comply with FISMA - Discover the changes to FISMA compliance and beyond - Gain your systems the authorization they need

America's Security Agencies

America's Security Agencies
Author :
Publisher : Enslow Publishing
Total Pages : 136
Release :
ISBN-10 : 1598450581
ISBN-13 : 9781598450583
Rating : 4/5 (81 Downloads)

Synopsis America's Security Agencies by : Thomas Streissguth

The Federal Bureau of Investigation (FBI), Central Intelligence Agency (CIA), and National Security Agency (NSA) have been protecting Americans for decades. The events following the 9/11 attacks led to the creation of the Department of Homeland Security in 2002. Inside, you will find a thorough examination of each agency and department-its creation, history, structure, inner workings, and importance as they work hard to protect Americans at home and abroad. Book jacket.

ISC Security Design Criteria for New Federal Office Buildings and Major Modernization Projects

ISC Security Design Criteria for New Federal Office Buildings and Major Modernization Projects
Author :
Publisher : National Academies Press
Total Pages : 126
Release :
ISBN-10 : 9780309088800
ISBN-13 : 0309088801
Rating : 4/5 (00 Downloads)

Synopsis ISC Security Design Criteria for New Federal Office Buildings and Major Modernization Projects by : National Research Council

In November 1999, GSA and the U.S. Department of State convened a symposium to discuss the apparently conflicting objectives of security from terrorist attack and the design of public buildings in an open society. The symposium sponsors rejected the notion of rigid, prescriptive design approaches. The symposium concluded with a challenge to the design and security professions to craft aesthetically appealing architectural solutions that achieve balanced, performance-based approaches to both openness and security. In response to a request from the Office of the Chief Architect of the Public Buildings Service, the National Research Council (NRC) assembled a panel of independent experts, the Committee to Review the Security Design Criteria of the Interagency Security Committee. This committee was tasked to evaluate the ISC Security Design Criteria to determine whether particular provisions might be too prescriptive to allow a design professional "reasonable flexibility" in achieving desired security and physical protection objectives.

Standards for Internal Control in the Federal Government

Standards for Internal Control in the Federal Government
Author :
Publisher : Lulu.com
Total Pages : 88
Release :
ISBN-10 : 9780359541829
ISBN-13 : 0359541828
Rating : 4/5 (29 Downloads)

Synopsis Standards for Internal Control in the Federal Government by : United States Government Accountability Office

Policymakers and program managers are continually seeking ways to improve accountability in achieving an entity's mission. A key factor in improving accountability in achieving an entity's mission is to implement an effective internal control system. An effective internal control system helps an entity adapt to shifting environments, evolving demands, changing risks, and new priorities. As programs change and entities strive to improve operational processes and implement new technology, management continually evaluates its internal control system so that it is effective and updated when necessary. Section 3512 (c) and (d) of Title 31 of the United States Code (commonly known as the Federal Managers' Financial Integrity Act (FMFIA)) requires the Comptroller General to issue standards for internal control in the federal government.

National Security and Double Government

National Security and Double Government
Author :
Publisher : Oxford University Press
Total Pages : 306
Release :
ISBN-10 : 9780190668471
ISBN-13 : 0190668474
Rating : 4/5 (71 Downloads)

Synopsis National Security and Double Government by : Michael J. Glennon

Why has U.S. security policy scarcely changed from the Bush to the Obama administration? National Security and Double Government offers a disquieting answer. Michael J. Glennon challenges the myth that U.S. security policy is still forged by America's visible, "Madisonian institutions" - the President, Congress, and the courts. Their roles, he argues, have become largely illusory. Presidential control is now nominal, congressional oversight is dysfunctional, and judicial review is negligible. The book details the dramatic shift in power that has occurred from the Madisonian institutions to a concealed "Trumanite network" - the several hundred managers of the military, intelligence, diplomatic, and law enforcement agencies who are responsible for protecting the nation and who have come to operate largely immune from constitutional and electoral restraints. Reform efforts face daunting obstacles. Remedies within this new system of "double government" require the hollowed-out Madisonian institutions to exercise the very power that they lack. Meanwhile, reform initiatives from without confront the same pervasive political ignorance within the polity that has given rise to this duality. The book sounds a powerful warning about the need to resolve this dilemma-and the mortal threat posed to accountability, democracy, and personal freedom if double government persists. This paperback version features an Afterword that addresses the emerging danger posed by populist authoritarianism rejecting the notion that the security bureaucracy can or should be relied upon to block it.

FISMA Compliance Handbook

FISMA Compliance Handbook
Author :
Publisher : Newnes
Total Pages : 380
Release :
ISBN-10 : 9780124059153
ISBN-13 : 0124059155
Rating : 4/5 (53 Downloads)

Synopsis FISMA Compliance Handbook by : Laura P. Taylor

This comprehensive book instructs IT managers to adhere to federally mandated compliance requirements. FISMA Compliance Handbook Second Edition explains what the requirements are for FISMA compliance and why FISMA compliance is mandated by federal law. The evolution of Certification and Accreditation is discussed. This book walks the reader through the entire FISMA compliance process and includes guidance on how to manage a FISMA compliance project from start to finish. The book has chapters for all FISMA compliance deliverables and includes information on how to conduct a FISMA compliant security assessment. Various topics discussed in this book include the NIST Risk Management Framework, how to characterize the sensitivity level of your system, contingency plan, system security plan development, security awareness training, privacy impact assessments, security assessments and more. Readers will learn how to obtain an Authority to Operate for an information system and what actions to take in regards to vulnerabilities and audit findings. FISMA Compliance Handbook Second Edition, also includes all-new coverage of federal cloud computing compliance from author Laura Taylor, the federal government's technical lead for FedRAMP, the government program used to assess and authorize cloud products and services. - Includes new information on cloud computing compliance from Laura Taylor, the federal government's technical lead for FedRAMP - Includes coverage for both corporate and government IT managers - Learn how to prepare for, perform, and document FISMA compliance projects - This book is used by various colleges and universities in information security and MBA curriculums

Glossary of Key Information Security Terms

Glossary of Key Information Security Terms
Author :
Publisher : DIANE Publishing
Total Pages : 211
Release :
ISBN-10 : 9781437980097
ISBN-13 : 1437980090
Rating : 4/5 (97 Downloads)

Synopsis Glossary of Key Information Security Terms by : Richard Kissel

This glossary provides a central resource of definitions most commonly used in Nat. Institute of Standards and Technology (NIST) information security publications and in the Committee for National Security Systems (CNSS) information assurance publications. Each entry in the glossary points to one or more source NIST publications, and/or CNSSI-4009, and/or supplemental sources where appropriate. This is a print on demand edition of an important, hard-to-find publication.

The Risk Management Process for Federal Facilities: An Interagency Security Committee Standard

The Risk Management Process for Federal Facilities: An Interagency Security Committee Standard
Author :
Publisher :
Total Pages : 96
Release :
ISBN-10 : 1387131478
ISBN-13 : 9781387131471
Rating : 4/5 (78 Downloads)

Synopsis The Risk Management Process for Federal Facilities: An Interagency Security Committee Standard by : Interagency Security Committee

One of the Department of Homeland Security's (DHS) priorities is the protection of Federal employees and private citizens who work within and visit U.S. Government-owned or leased facilities. The Interagency Security Committee (ISC), chaired by DHS, consists of 53 Federal departments and agencies, has as its mission the development of security standards and best practices for nonmilitary Federal facilities in the United States. As Chair of the ISC, I am pleased to introduce the new ISC document titled The Risk Management Process: An Interagency Security Committee Standard (Standard). This ISC Standard defines the criteria and processes that those responsible for the security of a facility should use to determine its facility security level and provides an integrated, single source of physical security countermeasures for all nonmilitary Federal facilities. The Standard also provides guidance for customization of the countermeasures for Federal facilities.

Federal Information System Controls Audit Manual (FISCAM)

Federal Information System Controls Audit Manual (FISCAM)
Author :
Publisher : DIANE Publishing
Total Pages : 601
Release :
ISBN-10 : 9781437914061
ISBN-13 : 1437914063
Rating : 4/5 (61 Downloads)

Synopsis Federal Information System Controls Audit Manual (FISCAM) by : Robert F. Dacey

FISCAM presents a methodology for performing info. system (IS) control audits of governmental entities in accordance with professional standards. FISCAM is designed to be used on financial and performance audits and attestation engagements. The methodology in the FISCAM incorp. the following: (1) A top-down, risk-based approach that considers materiality and significance in determining audit procedures; (2) Evaluation of entitywide controls and their effect on audit risk; (3) Evaluation of general controls and their pervasive impact on bus. process controls; (4) Evaluation of security mgmt. at all levels; (5) Control hierarchy to evaluate IS control weaknesses; (6) Groupings of control categories consistent with the nature of the risk. Illus.

Guide for Developing Security Plans for Federal Information Systems

Guide for Developing Security Plans for Federal Information Systems
Author :
Publisher : Createspace Independent Publishing Platform
Total Pages : 50
Release :
ISBN-10 : 149544760X
ISBN-13 : 9781495447600
Rating : 4/5 (0X Downloads)

Synopsis Guide for Developing Security Plans for Federal Information Systems by : U.s. Department of Commerce

The purpose of the system security plan is to provide an overview of the security requirements of the system and describe the controls in place or planned for meeting those requirements. The system security plan also delineates responsibilities and expected behavior of all individuals who access the system. The system security plan should be viewed as documentation of the structured process of planning adequate, cost-effective security protection for a system. It should reflect input from various managers with responsibilities concerning the system, including information owners, the system owner, and the senior agency information security officer (SAISO). Additional information may be included in the basic plan and the structure and format organized according to agency needs, so long as the major sections described in this document are adequately covered and readily identifiable.