Contingency Planning Guide for Information Technology Systems: Recommendations of the National Institute of Standards and Technology
Contingency Planning Guide for Information Technology Systems: Recommendations of the National Institute of Standards and Technology

Author:

Publisher:

Published: 2002

Total Pages: 108

ISBN-13:

DOWNLOAD EBOOK

NIST Special Publication 800-34, Contingency Planning Guide for Information Technology (IT) Systems provides instructions, recommendations, and considerations for government IT contingency planning. Contingency planning refers to interim measures to recover IT services following an emergency of System disruption. Interim measures may include the relocation of IT systems sod operators to an alternate site, the recovery of IT functions using alternate equipment, or the performance of IT functions using manual methods.

Guide for Developing Security Plans for Federal Information Systems
Guide for Developing Security Plans for Federal Information Systems

Author: U.s. Department of Commerce

Publisher: Createspace Independent Publishing Platform

Published: 2006-02-28

Total Pages: 50

ISBN-13: 9781495447600

DOWNLOAD EBOOK

The purpose of the system security plan is to provide an overview of the security requirements of the system and describe the controls in place or planned for meeting those requirements. The system security plan also delineates responsibilities and expected behavior of all individuals who access the system. The system security plan should be viewed as documentation of the structured process of planning adequate, cost-effective security protection for a system. It should reflect input from various managers with responsibilities concerning the system, including information owners, the system owner, and the senior agency information security officer (SAISO). Additional information may be included in the basic plan and the structure and format organized according to agency needs, so long as the major sections described in this document are adequately covered and readily identifiable.

Guide to Protecting the Confidentiality of Personally Identifiable Information
Guide to Protecting the Confidentiality of Personally Identifiable Information

Author: Erika McCallister

Publisher: DIANE Publishing

Published: 2010-09

Total Pages: 59

ISBN-13: 1437934889

DOWNLOAD EBOOK

The escalation of security breaches involving personally identifiable information (PII) has contributed to the loss of millions of records over the past few years. Breaches involving PII are hazardous to both individuals and org. Individual harms may include identity theft, embarrassment, or blackmail. Organ. harms may include a loss of public trust, legal liability, or remediation costs. To protect the confidentiality of PII, org. should use a risk-based approach. This report provides guidelines for a risk-based approach to protecting the confidentiality of PII. The recommend. here are intended primarily for U.S. Fed. gov¿t. agencies and those who conduct business on behalf of the agencies, but other org. may find portions of the publication useful.

Small Business Information Security
Small Business Information Security

Author: Richard Kissel

Publisher: DIANE Publishing

Published: 2010-08

Total Pages: 20

ISBN-13: 1437924522

DOWNLOAD EBOOK

For some small businesses, the security of their information, systems, and networks might not be a high priority, but for their customers, employees, and trading partners it is very important. The size of a small business varies by type of business, but typically is a business or organization with up to 500 employees. In the U.S., the number of small businesses totals to over 95% of all businesses. The small business community produces around 50% of our nation¿s GNP and creates around 50% of all new jobs in our country. Small businesses, therefore, are a very important part of our nation¿s economy. This report will assist small business management to understand how to provide basic security for their information, systems, and networks. Illustrations.

Federal Information System Controls Audit Manual (FISCAM)
Federal Information System Controls Audit Manual (FISCAM)

Author: Robert F. Dacey

Publisher: DIANE Publishing

Published: 2010-11

Total Pages: 601

ISBN-13: 1437914063

DOWNLOAD EBOOK

FISCAM presents a methodology for performing info. system (IS) control audits of governmental entities in accordance with professional standards. FISCAM is designed to be used on financial and performance audits and attestation engagements. The methodology in the FISCAM incorp. the following: (1) A top-down, risk-based approach that considers materiality and significance in determining audit procedures; (2) Evaluation of entitywide controls and their effect on audit risk; (3) Evaluation of general controls and their pervasive impact on bus. process controls; (4) Evaluation of security mgmt. at all levels; (5) Control hierarchy to evaluate IS control weaknesses; (6) Groupings of control categories consistent with the nature of the risk. Illus.

Guide to Securing Microsoft Windows XP Systems for IT Professionals: A NIST Security Configuration Checklist
Guide to Securing Microsoft Windows XP Systems for IT Professionals: A NIST Security Configuration Checklist

Author: Karen Scarfone

Publisher: DIANE Publishing

Published: 2009-08

Total Pages: 127

ISBN-13: 1437914926

DOWNLOAD EBOOK

When an IT security configuration checklist (e.g., hardening or lockdown guide) is applied to a system in combination with trained system administrators and a sound and effective security program, a substantial reduction in vulnerability exposure can be achieved. This guide will assist personnel responsible for the administration and security of Windows XP systems. It contains information that can be used to secure local Windows XP workstations, mobile computers, and telecommuter systems more effectively in a variety of environments, including small office, home office and managed enterprise environments. The guidance should only be applied throughout an enterprise by trained and experienced system administrators. Illustrations.

Attribute-Based Access Control
Attribute-Based Access Control

Author: Vincent C. Hu

Publisher: Artech House

Published: 2017-10-31

Total Pages: 285

ISBN-13: 1630814962

DOWNLOAD EBOOK

This comprehensive new resource provides an introduction to fundamental Attribute Based Access Control (ABAC) models. This book provides valuable information for developing ABAC to improve information sharing within organizations while taking into consideration the planning, design, implementation, and operation. It explains the history and model of ABAC, related standards, verification and assurance, applications, as well as deployment challenges. Readers find authoritative insight into specialized topics including formal ABAC history, ABAC’s relationship with other access control models, ABAC model validation and analysis, verification and testing, and deployment frameworks such as XACML. Next Generation Access Model (NGAC) is explained, along with attribute considerations in implementation. The book explores ABAC applications in SOA/workflow domains, ABAC architectures, and includes details on feature sets in commercial and open source products. This insightful resource presents a combination of technical and administrative information for models, standards, and products that will benefit researchers as well as implementers of ABAC systems in the field.

Principles of Incident Response and Disaster Recovery
Principles of Incident Response and Disaster Recovery

Author: Michael E. Whitman

Publisher: Cengage Learning

Published: 2013-04-19

Total Pages: 576

ISBN-13: 9781111138059

DOWNLOAD EBOOK

PRINCIPLES OF INCIDENT RESPONSE & DISASTER RECOVERY, 2nd Edition presents methods to identify vulnerabilities within computer networks and the countermeasures that mitigate risks and damage. From market-leading content on contingency planning, to effective techniques that minimize downtime in an emergency, to curbing losses after a breach, this text is the resource needed in case of a network intrusion. Important Notice: Media content referenced within the product description or the product text may not be available in the ebook version.

Guide to Computer Security Log Management
Guide to Computer Security Log Management

Author: Karen Kent

Publisher:

Published: 2007-08-01

Total Pages: 72

ISBN-13: 9781422312919

DOWNLOAD EBOOK

A log is a record of the events occurring within an org¿s. systems & networks. Many logs within an org. contain records related to computer security (CS). These CS logs are generated by many sources, incl. CS software, such as antivirus software, firewalls, & intrusion detection & prevention systems; operating systems on servers, workstations, & networking equip.; & applications. The no., vol., & variety of CS logs have increased greatly, which has created the need for CS log mgmt. -- the process for generating, transmitting, storing, analyzing, & disposing of CS data. This report assists org¿s. in understanding the need for sound CS log mgmt. It provides practical, real-world guidance on developing, implementing, & maintaining effective log mgmt. practices. Illus.