FISMA Principles and Best Practices: Beyond Compliance
Howard, Patrick D.
- Publisher: Auerbach Publications
- Publication date: 2019-09-25
- List price: NT$2,810
- VIP price: 5% off, NT$2,670
- Language: English
- Pages: 345
- Binding: Quality Paper (also called trade paper)
- ISBN: 0367382903
- ISBN-13: 9780367382902
Description
While many agencies struggle to comply with Federal Information Security Management Act (FISMA) regulations, those that have embraced its requirements have found that their comprehensive and flexible nature provides a sound security risk management framework for the implementation of essential system security controls. Detailing a proven approach for establishing and implementing a comprehensive information security program, FISMA Principles and Best Practices: Beyond Compliance integrates compliance review, technical monitoring, and remediation efforts to explain how to achieve and maintain compliance with FISMA requirements.
Based on the author's experience developing, implementing, and maintaining enterprise FISMA-based information technology security programs at three major federal agencies, including the U.S. Department of Housing and Urban Development, the book gives you workable solutions for establishing and operating an effective security compliance program. It delineates the processes, practices, and principles involved in managing the complexities of FISMA compliance. Describing how FISMA can be used to form the basis for an enterprise security risk management program, the book:
- Provides a comprehensive analysis of FISMA requirements
- Highlights the primary considerations for establishing an effective security compliance program
- Illustrates successful implementation of FISMA requirements with numerous case studies
Clarifying exactly what it takes to gain and maintain FISMA compliance, Pat Howard, CISO of the Nuclear Regulatory Commission, provides detailed guidelines so you can design and staff a compliance capability, build organizational relationships, gain management support, and integrate compliance into the system development life cycle. While there is no such thing as absolute protection, this up-to-date resource reflects th
About the Author
Patrick D. Howard has over 38 years of experience in the security industry, and has worked in the computer security field for the past 23 years. Mr. Howard has served as the Chief Information Security Officer at the Nuclear Regulatory Commission since March 17, 2008, and is responsible for managing NRC's enterprise-wide information security program. Prior to joining NRC, Mr. Howard was employed at the Department of Housing and Urban Development for 3 years, where he served as HUD's Chief Information Security Officer and managed the Department's enterprise-wide information technology security program.
Mr. Howard led HUD to a first ever "A+" score on Congress' 2006 FISMA Report Card and was recognized as a 2007 Fed 100 winner for his accomplishments in government information technology. Prior to joining HUD, Mr. Howard was employed by the Titan Corporation supporting the Department of Transportation where he served as the Department's Certification and Accreditation Program Manager. Mr. Howard is co-author of the Total CISSP Exam Prep Book, and author of Building and Implementing a Security Certification and Accreditation Program.
Mr. Howard received a bachelor's degree in History from the University of Oklahoma and a master's degree in International Relations from Boston University. He is a Certified Information Systems Security Professional (CISSP) and a Certified Information Security Manager (CISM). He is a member of the American Council for Technology/Industry Advisory Council (ACT/IAC) InfoSec and Privacy Shared Interest Group Government Advisory Panel, and of the International Information Systems Security Certification Consortium's Government Advisory Board and its Executive Writer's Bureau, which he chairs. Mr. Howard is also an adjunct professor of Information Assurance at Walsh College, Troy, Michigan.