Security Controls Evaluation, Testing, and Assessment Handbook (Paperback)

Leighton Johnson

  • Publisher: Syngress Media
  • Publication date: 2016-01-06
  • List price: $2,600
  • Sale price: 8.5$2,210
  • Language: English
  • Pages: 678
  • Binding: Paperback
  • ISBN: 0128023244
  • ISBN-13: 9780128023242
  • Related category: Information Security
  • Ships immediately (stock < 3)

Product Description

Security Controls Evaluation, Testing, and Assessment Handbook provides a current and well-developed approach to evaluation and testing of security controls to prove they are functioning correctly in today's IT systems. This handbook shows you how to evaluate, examine, and test installed security controls in the world of threats and potential breach actions surrounding all industries and systems. If a system is subject to external or internal threats and vulnerabilities - which most are - then this book will provide a useful handbook for how to evaluate the effectiveness of the security controls that are in place.

Security Controls Evaluation, Testing, and Assessment Handbook shows you what your security controls are doing and how they are standing up to various inside and outside threats. This handbook provides guidance and techniques for evaluating and testing various computer security controls in IT systems.

Author Leighton Johnson takes FISMA, NIST guidance, and DOD actions and provides a detailed, hands-on guide to performing assessment events for information security professionals who work with US federal agencies. As of March 2014, all agencies are following the same guidelines under the NIST-based Risk Management Framework. This handbook uses the DOD Knowledge Service and the NIST Families assessment guides as the basis for needs assessment, requirements, and evaluation efforts for all of the security controls. Each of the controls can and should be evaluated in its own unique way, through testing, examination, and key personnel interviews. Each of these methods is discussed.

  • Provides direction on how to use SP800-53A, SP800-115, DOD Knowledge Service, and the NIST Families assessment guides to implement thorough evaluation efforts for the security controls in your organization.
  • Teaches how to implement proper evaluation, testing, and assessment procedures and methodologies with step-by-step walkthroughs of all key concepts.
  • Shows you how to implement assessment techniques for each type of control, provide evidence of assessment, and apply proper reporting techniques.
