Risk management framework [electronic resource] : a lab-based approach to securing information systems / James Broad.

Broad, James.
Amsterdam ; Boston : Elsevier/Syngress, c2013.
1 online resource (315 p.)
1st edition

Computer security -- Government policy -- United States.
Electronic government information -- Security measures -- United States.
Information technology -- Security measures -- United States.
Information technology -- United States -- Management.
Risk management -- Government policy -- United States.
Electronic books.
System Details:
text file
The RMF allows an organization to develop an organization-wide risk framework that reduces the resources required to authorize a system's operation. Use of the RMF will help organizations maintain compliance with not only FISMA and OMB requirements but can also be tailored to meet other compliance requirements such as Payment Card Industry (PCI) or Sarbanes-Oxley (SOX). With the publishing of NIST SP 800-37 in 2010 and the move of the Intelligence Community and Department of Defense to modified versions of this process, clear implementation guidance is needed to help individuals correctly im
Front Cover; Risk Management Framework: A Lab-Based Approach to Securing Information Systems; Copyright; Dedication; Acknowledgments; About the Author; Technical Editor; Contents; Companion Website; Chapter 1: Introduction; Book Overview and Key Learning Points; Book Audience; The Risk Management Framework (RMF); Why This Book Is Different; A Note about National Security Systems; Book Organization; Part 1; Chapter 2: Laws, Regulations, and Guidance; Chapter Overview and Key Learning Points; The Case for Legal and Regulatory Requirements; Legal and Regulatory Organizations
Orders Issued by the President of the United States of America; Office of Management and Budget (OMB); National Institute of Standards and Technology (NIST); Committee on National Security Systems (CNSS); Office of the Director of National Intelligence (ODNI); Department of Defense (DoD); Laws, Policies, and Regulations; Privacy Act of 1974 (updated in 2004); Transmittal Memorandum No. 4, Management of Federal Information Resources, OMB A-130 (December, 1985); Information Technology Management Reform Act of 1996 (Clinger-Cohen Act)
Health Insurance Portability and Accountability Act of 1996 (HIPAA); Financial Services Modernization Act of 1999 (Gramm-Leach-Bliley Act); Privacy Policies and Data Collection on Federal Web Sites, OMB M-00-13 (June, 2000); Executive Order 13231, Critical Infrastructure Protection in the Information Age, (October, 2001); Guidance for Preparing and Submitting Security Plans of Action and Milestones, OMB M-02-01 (October, 2001); Federal Information Security Management Act of 2002 (FISMA); HSPD 7, Critical Infrastructure Identification, Prioritization, and Protection (December, 2003)
Health Information Technology for Economic and Critical Health (HITECH) Act of 2009; Policy on Information Assurance Risk Management for National Security Systems (CNSSP 22. January, 2012); Security Categorization and Control Selection for National Security Systems (CNSSI 1253, Version 2. March, 2012); National Institute of Standards and Technology (NIST) Publications; Federal Information Processing Standards (FIPS) and Special Publications (SP); FIPS 199; FIPS 200; NIST SP 300-39; SP 300-37; SP 800-60; SP 800-53; SP 800-53A; SP 800-18; SP 800-70; SP 800-59
Chapter 3: Integrated Organization-Wide Risk Management; Chapter Overview and Key Learning Points; Risk Management; Risk Management and the RMF; Components of Risk Management; Framing the Risk; Risk Assessment; Risk Response; Monitoring Risk; Multi-tiered Risk Management; Tier 1, Organizational Risk Management; Tier 2, Mission/Business Processes; Tier 3, Information System; Risk Executive (Function); Chapter 4: The Joint Task Force Transformation Initiative; Chapter Overview and Key Learning Points; Before the Joint Task Force Transformation Initiative; Federal Information Systems
Military and Defense Systems
Description based upon print version of record.
Includes bibliographical references and index.