FISMA Certification & Accreditation Handbook

Author - Laura Taylor ... [Goo?] [Posters]

This Paperback Book item from Syngress was reviewed on 24-Oct-2008.

Search ISBN:1597491160 offer from Abebooks or used books from Alibris. FISMA Certification & Accreditation Handbook Reference Book. Classifications : General Business & Investing Subjects Books General AAS Business & Investing Subjects Books Manager's Guides to Computing Business & Culture Computers & Internet Subjects Books Privacy Business & Cult . Click the following link to view the cover of FISMA Certification & Accreditation Handbook.

Related topics: General. Subjects. Books. General AAS. Subjects. Books. Business & Culture. Subjects. Books. Privacy.

1) Paperback Book FISMA Certification & Accreditation Handbook by Syngress. I bought this book because I needed to know how to get through the C&A process from start to finish. I´d read some of the NIST publications, and although they are great publication, they really don´t tell you where to start, and what to do next. The NIST pubs also don´t have very many practical examples in them. Some of the things I like best about this book are the checklists, the templates, and the fact that it is written so that it is easily understandable. It is not written using geek-o-snob rhetoric that make many computer books difficult to understand.¤

2) Paperback Book FISMA Certification & Accreditation Handbook by Syngress. ´Fisma Certification & Accreditation Handbook´ isn´t the type of book that you would pick up for weekend reading but it covers the material that it says it does. Dry and dull it may be, but if you work with this subject matter this is a good reference.

****¤

3) Paperback Book FISMA Certification & Accreditation Handbook by Syngress. I am no fan of the FISMA law. I´ve posted several stories on my blog explaining why I think FISMA is a waste of taxpayer money. Laura Taylor´s FISMA Certification and Accreditation Handbook, however, is a good book if you are unfortunate enough to be tasked with performing FISMA work.

The core of this book is understanding the C&A process. C&A is essentially a giant preparatory paperwork exercise conducted before "game day." When the game is being played (i.e., when .gov systems are being compromised) FISMA demonstrates its irrelevance. Still, it would be nearly impossible to understand FISMA and C&A by looking at agency documentation and applicable laws. The Handbook lays out FISMA and C&A in an easy-to-understand manner, probably sharply reducing the slope of the learning curve for the FISMA and C&A newbie.

One of my favorite aspects of the Handbook is the use of templates. If you need to build a C&A program from (nearly) scratch, or if you want to apply best practices to an existing program, the Handbook´s templates and suggested language will be invaluable. The Handbook also includes many tables of examples and checklists that could be dropped right into relevant documents.

I considered giving the Handbook five stars, even though I detest FISMA and C&A. Given the technical errors and oddities I found, I could only offer four stars. The Handbook claims to have been reviewed by a technical editor, but several comments made me question the level of attention paid to technical details. Ch 12 (Performing the Security Tests and Evaluation) features the comment "Many network scanners also scan for open ports" (p 200). I should hope so; otherwise, they might not know what to examine. One of the suggested port scanners is Strobe, which was popular in 1997 (no lie). I really liked this comment on p 207, which I assume is meant to reassure those tasked with C&A: "Don´t get bogged down trying to figure out how a port listener differs from a port scanner." If a so-called "security consultant" doing C&A doesn´t know the difference, they need to hang it up immediately. The "Suspicious Events That Are Worth Auditing" chart on p 348 really made me laugh. Item "SE 6" says "Invalid IP addresses that are not in the range of acceptable octets, for example: 295.128.16.0." Are they SERIOUS?

In brief, if you are stuck doing C&A for FISMA, take a look at the Handbook. If you are tasked with doing anything remotely technical regarding FISMA, you won´t find help in this book.¤

4) Paperback Book FISMA Certification & Accreditation Handbook by Syngress. Certification and Accreditation is growing area of security concern, and is currently mandated by a law known as the Federal Information Security Management Act of 2002 (FISMA). All U.S. federal agencies must certify and accredit all systems and applications prior to putting them into operation. The only book that instructs IT Managers to adhere to federally mandated certification and accreditation requirements. This book explains what is meant by Certification and Accreditation and why the process is mandated by federal law.

The different Certification and Accreditation laws are cited and discussed including the three leading types of C&A: NIST, NIAP, and DITSCAP. Next, the book explains how to prepare for, perform, and document a C&A project. The next section to the book illustrates addressing security awareness, end-user rules of behavior, and incident response requirements. Once this phase of the C&A project is complete, the reader will learn to perform the security tests and evaluations, business impact assessments system risk assessments, business risk assessments, contingency plans, business impact assessments, and system security plans. Finally the reader learns to audit their entire C&A project and correct any failures.

Page Updated: Robert N. Goolsby, 21-Nov-2008, 15974911609781597491167, 700-890-230-230-810-601-8

FISMA Certification & Accreditation Handbook, Book, Image © Syngress

Search: Syngress, Book Posters, Book Art