By Patrick D. Howard

While many agencies struggle to comply with Federal Information Security Management Act (FISMA) regulations, those who have embraced its requirements have found that their comprehensive and flexible nature provides a sound security risk management framework for the implementation of critical system security controls. Detailing a proven process for establishing and implementing a comprehensive information security program, FISMA Principles and Best Practices: Beyond Compliance integrates compliance review, technical monitoring, and remediation efforts to explain how to achieve and maintain compliance with FISMA requirements.

Based on the author's experience developing, implementing, and maintaining enterprise FISMA-based information technology security programs at three major federal agencies, including the U.S. Department of Housing and Urban Development, the book provides workable solutions for establishing and operating an effective security compliance program. It delineates the processes, practices, and principles involved in managing the complexities of FISMA compliance. Describing how FISMA can be used to form the foundation for an enterprise security risk management program, the book:

  • Provides a comprehensive analysis of FISMA requirements
  • Highlights the primary considerations for establishing an effective security compliance program
  • Illustrates successful implementation of FISMA requirements with numerous case studies

Clarifying exactly what it takes to gain and maintain FISMA compliance, Pat Howard, CISO of the Nuclear Regulatory Commission, provides detailed guidelines so you can design and staff a compliance capability, build organizational relationships, gain management support, and integrate compliance into the system development life cycle. While there is no such thing as absolute security, this up-to-date resource reflects the important security concepts and principles for addressing information security requirements mandated for government agencies and companies subject to these standards.


Similar network security books

IPSec (2nd Edition)

IPSec, Second Edition is the most authoritative, comprehensive, accessible, and up-to-date guide to IPSec technology. Leading authorities cover all facets of IPSec architecture, implementation, and deployment; review important technical advances since IPSec was first standardized; and present new case studies demonstrating end-to-end IPSec security.

A Survey of Data Leakage Detection and Prevention Solutions

SpringerBriefs present concise summaries of cutting-edge research and practical applications across a wide spectrum of fields. Featuring compact volumes of 50 to 100 pages (approximately 20,000-40,000 words), the series covers a range of content from professional to academic. Briefs allow authors to present their ideas and readers to absorb them with minimum time investment.

Unified Communications Forensics. Anatomy of Common UC Attacks

Unified Communications Forensics: Anatomy of Common UC Attacks is the first book to explain the issues and vulnerabilities and demonstrate the attacks, forensic artifacts, and countermeasures required to establish a secure (UC) environment. This book is written by leading UC experts Nicholas Grant and Joseph W.

CCSP Self-Study CCSP Cisco Secure PIX Firewall Advanced Exam Certification Guide

Network security is a very complex business. The Cisco PIX Firewall performs some very specific functions as part of the security process. It is very important to be familiar with many networking and network security concepts before you undertake the CSPFA certification. This book is designed for security professionals or networking professionals who are interested in beginning the security certification process.

Extra info for FISMA Principles and Best Practices: Beyond Compliance

Sample text

Because of the nature of reporting guidance, agency reporting also focused almost exclusively on information systems, without much regard for the need to build a sound agencywide program. Agencies were not given additional funding to meet FISMA requirements, but had to reprogram from existing funding to meet the additional information security requirements. Because dollars for information security were scarce, agencies had to prioritize their response to FISMA accordingly, and resources generally were invested in developing processes necessary to improve their FISMA Report Card grade.

Agencies that employ a strategy of just doing the minimum necessary to meet compliance requirements are merely playing a game that in time they will surely lose. Such an approach also fails to recognize the value and importance of the FISMA approach to information security management. Agencies must make the effort to understand the nature of all compliance requirements, accept them as bona fide components of the overall information security program, and honestly seek to integrate their implementation into their plans for improving the overall information security posture of the organization.

An agency whose management is not committed to the need for an effective information security program will never have one. If that management is satisfied by merely complying with FISMA requirements and checking the box, that agency will never have a program mature enough to consistently provide adequate security for the information it needs to support its mission and objectives. Management support is addressed first, indicating its importance to program success.

  • Design the information security organization: Each government agency must have an information security organization that is right-sized to the needs of the agency.
