Risk Management Framework

Author: James Broad

Publisher: Newnes

Published: 2013-07-03

Total Pages: 315

ISBN-13: 0124047238

The RMF allows an organization to develop an organization-wide risk framework that reduces the resources required to authorize a system's operation. Use of the RMF helps organizations maintain compliance with FISMA and OMB requirements, and it can also be tailored to meet other compliance requirements such as the Payment Card Industry (PCI) standards or Sarbanes-Oxley (SOX). With the publication of NIST SP 800-37 in 2010 and the move of the Intelligence Community and Department of Defense to modified versions of this process, clear implementation guidance is needed to help individuals implement the process correctly. No other publication covers this topic in the detail provided in this book or provides hands-on exercises that reinforce the topics. Examples in the book follow a fictitious organization through the RMF, allowing the reader to follow the development of proper compliance measures. Templates provided in the book allow readers to implement the RMF quickly in their own organization. The need for this book continues to expand as government and non-governmental organizations build their security programs around the RMF. The companion website provides access to all of the documents, templates and examples needed not only to understand the RMF but also to implement this process in the reader's own organization.

A comprehensive case study from initiation to decommissioning and disposal
Detailed explanations of the complete RMF process and its linkage to the SDLC
Hands-on exercises to reinforce topics
Complete linkage of the RMF to all applicable laws, regulations and publications as never seen before


Implementing Cybersecurity

Author: Anne Kohnke

Publisher: CRC Press

Published: 2017-03-16

Total Pages: 509

ISBN-13: 1351859706

The book provides the complete strategic understanding required for a person to create and use the RMF process recommendations for risk management. This applies both to uses of the RMF in corporate training situations and to any individual who wants to obtain specialized knowledge in organizational risk management. It is an all-purpose roadmap aimed at the practical understanding and implementation of the risk management process as a standard entity. It enables an "application" of the risk management process as well as of the fundamental elements of control formulation within an applied context.


FISMA and the Risk Management Framework

Author: Daniel R. Philpott

Publisher: Newnes

Published: 2012-12-31

Total Pages: 585

ISBN-13: 1597496421

FISMA and the Risk Management Framework: The New Practice of Federal Cyber Security deals with the Federal Information Security Management Act (FISMA), a law that provides the framework for securing information systems and managing risk associated with information resources in federal government agencies. Comprising 17 chapters, the book explains the FISMA legislation and its provisions, strengths and limitations, as well as the expectations and obligations of federal agencies subject to FISMA. It also discusses the processes and activities necessary to implement effective information security management following the passage of FISMA, and it describes the National Institute of Standards and Technology's Risk Management Framework. The book looks at how information assurance, risk management, and information systems security are practiced in federal government agencies; the three primary documents that make up the security authorization package (system security plan, security assessment report, and plan of action and milestones); and federal information security management requirements and initiatives not explicitly covered by FISMA. This book will be helpful to security officers, risk managers, system owners, IT managers, contractors, consultants, service providers, and others involved in securing, managing, or overseeing federal information systems, as well as the mission functions and business processes supported by those systems.

Learn how to build a robust, near real-time risk management system and comply with FISMA
Discover the changes to FISMA compliance and beyond
Gain your systems the authorization they need


Securing an IT Organization through Governance, Risk Management, and Audit

Author: Ken E. Sigler

Publisher: CRC Press

Published: 2016-01-05

Total Pages: 239

ISBN-13: 1040070957

This book introduces two internationally recognized bodies of knowledge: COBIT 5 from a cybersecurity perspective and the NIST Framework for Improving Critical Infrastructure Cybersecurity (CSF). Emphasizing the processes directly related to governance, risk management, and audit, the book maps the CSF steps and activities to the methods defined in COBIT 5, extending the CSF objectives with practical and measurable activities that leverage operational risk understanding in a business context. This allows the ICT organization to convert high-level enterprise goals into manageable, specific goals rather than unintegrated checklist models.


The Tolerability of Risk

Author: Frederic Bouder

Publisher: Routledge

Published: 2013-09-05

Total Pages: 168

ISBN-13: 1136551816

There is increasing dissatisfaction with how risk is regulated, leading to lively debates about the use of 'risk assessment' and 'precaution'. As a result, academics, government officials and industry leaders are calling for new approaches and fresh ideas. This book provides a historical and topical perspective on the alternative concept of 'Tolerability of Risk' and its concrete regulatory applications. In the UK, Tolerability of Risk has been developed into a sophisticated framework, particularly within the health and safety sectors. It is expected to guide decision-makers when applying their legal obligation to keep risks as low as reasonably practicable. Could Tolerability of Risk become a wider source of inspiration across the full scope of risk analysis and management? Written by leading academics and risk practitioners from industry and government, The Tolerability of Risk presents a summary of theoretical perspectives on risk approaches, provides a detailed account of the methods and approaches used to build the Tolerability of Risk framework, and examines the prospect of universal application of that framework. From nuclear power to environmental pollution, climate change and drug testing, the Tolerability of Risk framework may offer a workable, pragmatic solution for balancing risks against the costs involved in controlling them, as well as for developing the institutional capacity to make effective decisions in all jurisdictions worldwide.