Security Assessment: Case Studies for Implementing the NSA IAM
暫譯: 安全評估:實施NSA IAM的案例研究
Russ Rogers, Greg Miles, Ed Fuller, Ted Dykstra
- 出版商: Syngress Media
- 出版日期: 2004-01-29
- 定價: $2,100
- 售價: 1.9 折 $399
- 語言: 英文
- 頁數: 448
- 裝訂: Paperback
- ISBN: 1932266968
- ISBN-13: 9781932266962
-
相關分類:
資訊安全
立即出貨(限量) (庫存=3)
買這商品的人也買了...
-
資料結構-使用 C++ (Fundamentals of Data Structures in C++)$520$411 -
計算機組織與設計--軟硬體界面第二版 (Computer Organization & Design, 2/e)$680$537 -
C++ Builder 6 程式設計快樂上手$590$590 -
$1,274Computer Architecture: A Quantitative Approach, 3/e(精裝本) -
演算法導論 (Introduction to Algorithms, 2/e)$860$679 -
作業系統概念 (Operating System Concepts, 6/e Windows XP Update)$780$741 -
精通 Visual Basic.NET 中文版黑皮書 (Visual Basic.NET Black Book)$750$585 -
數位影像處理 (Digital Image Processing, 2/e)$820$804 -
鳥哥的 Linux 私房菜-伺服器架設篇$750$638 -
鳥哥的 Linux 私房菜─基礎學習篇增訂版$560$476 -
Dreamweaver MX 2004 魔法書中文版$490$387 -
人月神話:軟體專案管理之道 (20 週年紀念版)(The Mythical Man-Month: Essays on Software Engineering, Anniversary Edition, 2/e)$480$379 -
CCNA 認證教戰手冊 Exam 640-801 (CCNA Cisco Certified Network Associate Study Guide, 4/e)$780$616 -
JSP 與 Servlet 500 個應用範例技巧大全集$590$460 -
Fedora Core 2 Linux 實務應用$650$514 -
最新 JavaScript 完整語法參考辭典 第三版$490$382 -
Project 2003 徹底研究$690$538 -
Excel VBA 徹底研究 - Excel 2003 Power Progamming with VBA
$620$484 -
Reporting Service 實戰演練$690$587 -
Word 排版藝術$620$490 -
Eclipse 整合開發工具 (Eclipse)$540$427 -
Windows 程式設計使用 MFC (Programming Windows with MFC, 2/e)$990$782 -
$1,176Computer Organization and Design: The Hardware/Software Interface, 3/e(IE) (美國版ISBN:1558606041) -
RFID 技術與應用$480$379 -
Linux 系統管理實務─自動化、備份救援、系統安全、叢集$780$616
商品描述
Everything You Need to Know to Conduct a Security Audit of Your Organization
In 1998, the National Security Agency (NSA) Information Assurance Methodology (IAM) was developed to meet the demand for information security (INFOSEC) assessments-a demand that was increasing due to Presidential Decision Directive 63 (PDD-63) while at the same time NSA was downsizing. NSA sought a way to maximize its resources to assist as many customers as possible and so they created a list of organizations that could perform the same service as the NSA. NSA quickly realized that this system would not only provide valuable information to consumers-it would also provide a vehicle for standardization of INFOSEC assessments.
- Define
What Composes an Assessment
Learn about the NSA's three-phases: Assessment, Evaluation, and Red teaming - Understand Industry Concerns for the Assessment
Site
Review the items that affect your client: Health Insurance Portability and Accounting Act of 1996 (HIPAA), Sarbanes-Oxley, Financial Management and Accountability (FMA) Act, Family Education Rights and Privacy Act (FERPA), and others. - Create
the Organizational Information Criticality Matrix (OICM)
Create the OICM, which provides a basis for everything else in the methodology and clarifies the intentions and goals of the assessment process for the customer. - Handle
Documentation Identification and Collection
Work with the client to gather and define documents such as policy, guidelines, plans, SOPs, user documentation and see what happens when no documentation exists. - Understand the Technical Assessment Plan (TAP)
Use the TAP to define all dates and scheduling, personnel involvement, understood boundaries, deliverables, priority concerns, and priority constraints. - Review
the 18 NSA INFOSEC Baseline Classes and Categories
Use these 18 categories to address the customer's security posture and determine what questions should be asked during the interview process. - Create a
Recommendation Road Map
Provide the customer with a road map to the best way to address or implement the corrective measures for negative findings. - Understand the Findings
Assess the overall risk to a customer by looking at the threats, vulnerabilities, and asset value and analyze both negative and positive findings to create a true picture of the customer's security posture. - Register
for Your 1 Year Upgrade
The Syngress Solutions upgrade plan protects you from content obsolescence and provides monthly mailings, whitepapers, and more!
CASE STUDIES INCLUDE
Scoping Effort for Organization
for Optimal Power Supply (OOPS)
The Bureau of Overt
Redundancy
Organizational Criticality at TOOT
Higher
Education
Interviews with a University Staff
Medical
Management
Analyzing Findings for Important Internet Services Provided,
Inc.
商品描述(中文翻譯)
一切您需要知道的,來進行組織的安全審計
在1998年,國家安全局(NSA)資訊保障方法論(IAM)被開發出來,以滿足對資訊安全(INFOSEC)評估的需求。這一需求因總統決策指令63(PDD-63)而增加,同時NSA也在縮編。NSA尋求一種方法來最大化其資源,以協助盡可能多的客戶,因此他們創建了一個可以提供與NSA相同服務的組織名單。NSA很快意識到,這一系統不僅能為消費者提供有價值的信息,還能為INFOSEC評估的標準化提供一個途徑。
- 定義評估的組成部分
了解NSA的三個階段:評估、評價和紅隊演練
- 了解評估網站的行業關注
檢視影響客戶的項目:1996年健康保險可攜性與責任法案(HIPAA)、薩班斯-奧克斯利法案、財務管理與問責法案(FMA)、家庭教育權利與隱私法案(FERPA)等。
- 創建組織資訊關鍵性矩陣(OICM)
創建OICM,這為方法論中的其他所有內容提供基礎,並澄清評估過程對客戶的意圖和目標。
- 處理文件識別與收集
與客戶合作,收集和定義文件,如政策、指導方針、計劃、標準作業程序(SOP)、用戶文檔,並查看當沒有文檔存在時會發生什麼。
- 了解技術評估計劃(TAP)
使用TAP來定義所有日期和排程、參與人員、理解的邊界、交付物、優先關注事項和優先限制。
- 檢視18個NSA INFOSEC基準類別
使用這18個類別來評估客戶的安全狀態,並確定在面試過程中應該提出哪些問題。
- 創建建議路線圖
為客戶提供一個路線圖,以最佳方式解決或實施針對負面發現的糾正措施。
- 了解發現結果
通過查看威脅、漏洞和資產價值來評估客戶的整體風險,並分析負面和正面的發現,以創建客戶安全狀態的真實圖景。
- 註冊您的1年升級
Syngress Solutions升級計劃保護您免受內容過時的影響,並提供每月郵件、白皮書等!
案例研究包括
組織最佳電源供應(OOPS)的範圍努力
明顯冗餘局
TOOT的組織關鍵性
高等教育
與大學工作人員的訪談
醫療管理
分析重要網路服務提供公司的發現結果。
