My Account
Log in Registration
All
Cart
Highlights
Fiction Books
Non-Fiction Books
Children's Books
Rare Books
Music
DVD & Blu-Ray
Video Games
Category
Wishlists
Cart
All
Free US shipping over $10
Trustpilot
Proud to be B-Corp

Official (ISC)2 (R) Guide to the CAP (R) CBK (R) Patrick D. Howard (Chief Information Security Officer, Nuclear Regulatory Commission, USA)

Official (ISC)2 (R) Guide to the CAP (R) CBK (R) By Patrick D. Howard (Chief Information Security Officer, Nuclear Regulatory Commission, USA)

Official (ISC)2 (R) Guide to the CAP (R) CBK (R) by Patrick D. Howard (Chief Information Security Officer, Nuclear Regulatory Commission, USA)

Reviews:
$25.31
Condition - Very Good
Only 1 left
Very Good

Summary

Demonstrates the effectiveness of certification and accreditation as a risk management methodology for IT systems in public and private organizations. This work provides security professionals with an overview of C&A components, showing them how to document the status of IT security controls and secure systems via standard, repeatable processes.

Faster Shipping

Get this product faster from our US warehouse

Official (ISC)2 (R) Guide to the CAP (R) CBK (R) Summary

Official (ISC)2 (R) Guide to the CAP (R) CBK (R) by Patrick D. Howard (Chief Information Security Officer, Nuclear Regulatory Commission, USA)

Significant developments since the publication of its bestselling predecessor, Building and Implementing a Security Certification and Accreditation Program, warrant an updated text as well as an updated title. Reflecting recent updates to the Certified Authorization Professional (CAP (R)) Common Body of Knowledge (CBK (R)) and NIST SP 800-37, the Official (ISC)2 (R) Guide to the CAP (R) CBK (R), Second Edition provides readers with the tools to effectively secure their IT systems via standard, repeatable processes.

Derived from the author's decades of experience, including time as the CISO for the Nuclear Regulatory Commission, the Department of Housing and Urban Development, and the National Science Foundation's Antarctic Support Contract, the book describes what it takes to build a system security authorization program at the organizational level in both public and private organizations. It analyzes the full range of system security authorization (formerly C&A) processes and explains how they interrelate. Outlining a user-friendly approach for top-down implementation of IT security, the book:

  • Details an approach that simplifies the authorization process, yet still satisfies current federal government criteria
  • Explains how to combine disparate processes into a unified risk management methodology
  • Covers all the topics included in the Certified Authorization Professional (CAP (R)) Common Body of Knowledge (CBK (R))
  • Examines U.S. federal polices, including DITSCAP, NIACAP, CNSS, NIAP, DoD 8500.1 and 8500.2, and NIST FIPS
  • Reviews the tasks involved in certifying and accrediting U.S. government information systems

Chapters 1 through 7 describe each of the domains of the (ISC)2 (R) CAP (R) CBK (R). This is followed by a case study on the establishment of a successful system authorization program in a major U.S. government department. The final chapter considers the future of system authorization. The book's appendices include a collection of helpful samples and additional information to provide you with the tools to effectively secure your IT systems.

Official (ISC)2 (R) Guide to the CAP (R) CBK (R) Reviews

Praise for the popular first edition:

This book focuses on the processes that must be employed by an organization to establish a certification and accreditation program based on current federal government criteria... Pat has structured this book to address the key issues in certification and accreditation, including roles and responsibilities, the life cycle, and even a discussion of pitfalls to avoid. As with all of Pat's work, he provides the reader with practical information on what works and what does not ... Even if government certification and accreditation is not your concern, the new ISO 27002 (formerly ISO17799) will require all of us to look for a process to make certification and accreditation bearable. Pat has succeeded in doing just that with this practical and readable book.-Thomas R. Peltier, Peltier Associates, Member of the ISSA Hall of Fame

About Patrick D. Howard (Chief Information Security Officer, Nuclear Regulatory Commission, USA)

Patrick D. Howard, CISSP, CISM, is a senior consultant for SecureInfo, a Kratos Company. He has over 40 years experience in security, including 20 years service as a U.S. Army Military Police officer, and has specialized in information security since 1989. Mr. Howard began his service as the Chief Information Security Officer for the National Science Foundation's Antarctic Support Contract in Centennial, Colorado in March 2012. He previously served as CISO for the Nuclear Regulatory Commission in Rockville, Maryland from 2008-2012, and for the Department of Housing and Urban Development from 2005-2008. Mr. Howard was named a Fed 100 winner in 2007, and is the author of three information security books: The Total CISSP Exam Prep Book, 2002; Building and Implementing a Security Certification and Accreditation Program, 2006; and Beyond Compliance: FISMA Principles and Best Practices, 2011. He is a member of the International Information Systems Security Certification Consortium's Government Advisory Board and Executive Writer's Bureau, which he chairs. Mr. Howard is also an adjunct professor of Information Assurance at Walsh College, Troy Michigan. He graduated with a Bachelor's degree from the University of Oklahoma in 1971 and a Master's degree from Boston University in 1984.

Table of Contents

Building a Successful Enterprise Certification and Accreditation Program. Certification and Accreditation Processes. Certification and Accreditation Case Study. The Future of Certification and Accreditation.

Additional information

CIN1439820759VG
9781439820759
1439820759
Official (ISC)2 (R) Guide to the CAP (R) CBK (R) by Patrick D. Howard (Chief Information Security Officer, Nuclear Regulatory Commission, USA)
Patrick D. Howard (Chief Information Security Officer, Nuclear Regulatory Commission, USA)
ISC2 Press
Used - Very Good
Hardback
Taylor & Francis Inc
20120718
462
N/A
Book picture is for illustrative purposes only, actual binding, cover or edition may vary.
This is a used book - there is no escaping the fact it has been read by someone else and it will show signs of wear and previous use. Overall we expect it to be in very good condition, but if you are not entirely satisfied please get in touch with us

Customer Reviews - Official (ISC)2 (R) Guide to the CAP (R) CBK (R)