Building and Implementing a Security Certification and Accreditation Program: Official (ISC)2 Guide to the CAP CBK

Purchasing Options

Hardback
$107.95
ISBN 9780849320620
Cat# AU2062
 

Features

  • Provides a usable approach for top-down implementation of information technology security in an organization, benefiting IS security officers (ISSOs), security managers, certifiers, and developers
  • Defines a practical approach to certification and accreditation (C&A) that can be successfully implemented in both public and private organizations
  • Clarifies the official guidance that has been published on certification, accreditation, and related processes
  • Offers an approach that simplifies the C&A process while still following federal guidance
  • Examines how disparate processes can be combined into a coherent, unified risk management methodology
  • Describes current thinking on the topic derived from the author’s real-world experience
  • Enables the documentation of the status of a system’s security controls

Summary

      Building and Implementing a Security Certification and Accreditation Program: Official (ISC)2 Guide to the CAP CBK demonstrates the practicality and effectiveness of certification and accreditation (C&A) as a risk management methodology for IT systems in both public and private organizations. It provides security professionals with an overview of C&A components, enabling them to document the status of the security controls of their IT systems, and learn how to secure systems via standard, repeatable processes.

     This book consists of four main sections. It begins with a description of what it takes to build a certification and accreditation program at the organization level, followed by an analysis of various C&A processes and how they interrelate. The text then provides a case study of the successful implementation of certification and accreditation in a major U.S. government department. It concludes by offering a collection of helpful samples in the appendices.

    Table of Contents

    Building a Successful Enterprise Certification and Accreditation Program
    Key Elements of an Enterprise Certification and Accreditation Program
    Certification and Accreditation Roles and Responsibilities
    The Certification and Accreditation Life Cycle
    Why Certification and Accreditation Programs Fail
    Certification and Accreditation Processes
    Certification and Accreditation Project Planning
    System Inventory Process
    Assessing Data Sensitivity and Criticality
    System Security Plans
    Coordinating Security for Interconnected Systems
    Minimum Security Baselines and Best Practices
    Assessing Risk
    Security Procedures
    Certification Testing
    Remediation Planning
    Essential Certification and Accreditation Documentation
    Documenting the Accreditation Decision
    Certification and Accreditation Case Study
    The Future of Certification and Accreditation
    Appendices
    Certification and Accreditation References
    Glossary
    Sample Statement of Work
    Sample Project Work Plan
    Sample Project Kickoff Presentation Outline
    Sample Project Wrap-Up Presentation Outline
    Sample System Inventory Policy
    Sample Business Impact Assessment
    Sample Rules of Behavior (General Support System)
    Sample Rules of Behavior (Major Application)
    Sample System Security Plan Outline
    Sample Memorandum of Understanding
    Sample Interconnection Security Agreement
    Sample Risk Assessment Outline
    Sample Security Procedure
    Sample Certification Test Results Matrix
    Sample Risk Remediation Plan
    Sample Certification Statement
    Sample Accreditation Letter
    Sample Interim Accreditation Letter

    Editorial Reviews

    “This book focuses on the processes that must be employed by an organization to establish a certification and accreditation program based on current federal government criteria… Pat has structured this book to address the key issues in certification and accreditation, including roles and responsibilities, the life cycle, and even a discussion of pitfalls to avoid. As with all of Pat’s work, he provides the reader with practical information on what works and what does not…
    “Even if government certification and accreditation is not your concern, the new ISO 27002 (formerly ISO17799) will require all of us to look for a process to make certification and accreditation bearable. Pat has succeeded in doing just that with this practical and readable book.”
    —Thomas R. Peltier, Peltier Associates, Member of the ISSA Hall of Fame, from the Foreword