Risk Management Framework: A Lab-Based Approach to Securing Information Systems (Paperback)

James Broad

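  • Publisher: Syngress Media
  • Publication date: 2013-07-22
  • List price: $2,030
  • Sale price: $1,726 (85% of list price)
  • Language: English
  • Pages: 316
  • Binding: Paperback
  • ISBN: 1597499951
  • ISBN-13: 9781597499958
  • Related categories: Information security, Information-management
  • Ships immediately (stock < 4)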

Product description

The RMF allows an organization to develop an organization-wide risk framework that reduces the resources required to authorize a system's operation. Use of the RMF will help organizations maintain compliance with FISMA and OMB requirements, and it can also be tailored to meet other compliance requirements such as Payment Card Industry (PCI) or Sarbanes-Oxley (SOX). With the publishing of NIST SP 800-37 in 2010 and the move of the Intelligence Community and Department of Defense to modified versions of this process, clear implementation guidance is needed to help individuals correctly implement this process. No other publication covers this topic in the detail provided in this book or provides hands-on exercises that will reinforce the topics. Examples in the book follow a fictitious organization through the RMF, allowing the reader to follow the development of proper compliance measures. Templates provided in the book allow readers to quickly implement the RMF in their organization. The need for this book continues to expand as government and non-governmental organizations build their security programs around the RMF. The companion website provides access to all of the documents, templates and examples needed to not only understand the RMF but also implement this process in the reader's own organization.

  • A comprehensive case study from initiation to decommission and disposal
  • Detailed explanations of the complete RMF process and its linkage to the SDLC
  • Hands-on exercises to reinforce topics
  • Complete linkage of the RMF to all applicable laws, regulations and publications as never seen before
