PDF Ebook Official (ISC)2® Guide to the CAP® CBK® ((ISC)2 Press)
You could find exactly how guide can be acquired based upon the scenario of your really feels and also ideas. When the addition of guide recommendation is reasonable enough, it turns into one way to draw in the visitors to buy it. To suit this trouble, we serve today soft data that can be gained quickly. You may not really feel so hard by trying to find in guide store around your city.
Official (ISC)2® Guide to the CAP® CBK® ((ISC)2 Press)
PDF Ebook Official (ISC)2® Guide to the CAP® CBK® ((ISC)2 Press)
Find the key to improve the lifestyle by reading this Official (ISC)2® Guide To The CAP® CBK® ((ISC)2 Press) This is a kind of book that you require now. Besides, it can be your preferred publication to review after having this book Official (ISC)2® Guide To The CAP® CBK® ((ISC)2 Press) Do you ask why? Well, Official (ISC)2® Guide To The CAP® CBK® ((ISC)2 Press) is a publication that has various particular with others. You may not should know that the author is, how widely known the job is. As wise word, never ever evaluate the words from that speaks, yet make the words as your good value to your life.
Going to an internet site that is very finished as in this area is unusual. So, it's your good luck to locate us. As well as pertaining to the Official (ISC)2® Guide To The CAP® CBK® ((ISC)2 Press), we offer you this book in soft file. So, you will certainly not need to really feel tough to bring the published book when planning to read it every time. If you really feel bemused concerning how you can get it, you could save the data in your gizmo and various other tool. So, when you open the gizmo, you can be reminded concerning guide inside.
Now, you may know well that this publication is mainly recommended not just for the viewers that like this topic. This is likewise advertised for all people and also public kind society. It will not limit you to read or not the book. However, when you have started or started to read DDD, you will certainly recognize why precisely guide will certainly provide you al positive things.
To deal with this condition, many other people also try to get this book as their reading now. Are you interested? Pick this best book to offer today, we offer this book for you because it’s a kind of amazing book from professional and experienced author. Becoming the good friend in your lonely without giving boredom is the characteristic of Official (ISC)2® Guide To The CAP® CBK® ((ISC)2 Press) that we present in this website.
Review
Praise for the popular first edition: This book focuses on the processes that must be employed by an organization to establish a certification and accreditation program based on current federal government criteria… Pat has structured this book to address the key issues in certification and accreditation, including roles and responsibilities, the life cycle, and even a discussion of pitfalls to avoid. As with all of Pat’s work, he provides the reader with practical information on what works and what does not … Even if government certification and accreditation is not your concern, the new ISO 27002 (formerly ISO17799) will require all of us to look for a process to make certification and accreditation bearable. Pat has succeeded in doing just that with this practical and readable book.―Thomas R. Peltier, Peltier Associates, Member of the ISSA Hall of Fame
Read more
About the Author
Patrick D. Howard, CISSP, CISM, is a senior consultant for SecureInfo, a Kratos Company. He has over 40 years experience in security, including 20 years service as a U.S. Army Military Police officer, and has specialized in information security since 1989. Mr. Howard began his service as the Chief Information Security Officer for the National Science Foundation’s Antarctic Support Contract in Centennial, Colorado in March 2012. He previously served as CISO for the Nuclear Regulatory Commission in Rockville, Maryland from 2008–2012, and for the Department of Housing and Urban Development from 2005–2008. Mr. Howard was named a Fed 100 winner in 2007, and is the author of three information security books: The Total CISSP Exam Prep Book, 2002; Building and Implementing a Security Certification and Accreditation Program, 2006; and Beyond Compliance: FISMA Principles and Best Practices, 2011. He is a member of the International Information Systems Security Certification Consortium’s Government Advisory Board and Executive Writer’s Bureau, which he chairs. Mr. Howard is also an adjunct professor of Information Assurance at Walsh College, Troy Michigan. He graduated with a Bachelor’s degree from the University of Oklahoma in 1971 and a Master’s degree from Boston University in 1984.
Read more
Product details
Series: (ISC)2 Press
Hardcover: 462 pages
Publisher: Auerbach Publications; 2 edition (July 18, 2012)
Language: English
ISBN-10: 1439820759
ISBN-13: 978-1439820759
Product Dimensions:
7 x 1 x 10 inches
Shipping Weight: 2.2 pounds (View shipping rates and policies)
Average Customer Review:
3.7 out of 5 stars
26 customer reviews
Amazon Best Sellers Rank:
#50,364 in Books (See Top 100 in Books)
OFFICCIAL (ISC)2 GUIDE TO THE CAP CBK, Second EditionBy Patrick D. Howard, CISSP, CISMPublished 2012USBN 978-1-4398-2075Steven EddySept 1, 2017The author has done a great job given the state of the Risk Management Framework (RMF) at the time. He was involved in one of the first RMF assessments which was for the Department of Transportation. This was before the DOD requirement to transition from the DIACAP Certification and Accreditation process to the RMF Assessment and Accreditation (A&A) process. NIST Special Publication 800-37Revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems a Security Life Cycle Approach is the overarching document for RMF. The problem with this book is that RMF has matured much since it was written. Assessment and Accreditation have been increasingly automated. The process has become more complicated and complex. Roll names have changed almost entirely. Practical steps required for a modern A&A process are not given. DISA’s Enterprise Mission Assurance Support Service (eMASS) application and website is essential and mandatory in prosecuting a modern A&A effort. eMASS uploads Excel test result spreadsheets and scans, creates the System Security Plan, the POAM, the Implementation Plan, the Risk Assessment Plan (RAR) and the Security Assessment Plan (SAR). Many new roles such as the Security Control Assessor – Reviewer (SCA-R) and Security Control Assessor- Verifier (SCA-V) are not mentioned, although they are two of the most critical roles. The execution of these roles are also accomplished in eMASS.An essential first element in categorizing systems is DoD information technology (IT) is broadly grouped as DoD information systems (IS), platform information technology (PIT) systems. This is not covered. Nor is one of the main advantages of RMF, reciprocity. Reciprocity is the ability to use authorizations of other similar systems to inherit compliance for security controls to a new system, avoiding redundant time and effort. Additionally, in categorization, there are also now categories of Very Low and Very High in addition to the Low, Moderate and High of the past. There is no mention of the Initial Approval to Test, which provides for testing of the system before production development takes place to prove the system concept is workable.FIPS, NIST and CNSS publications need to include titles, and brief summaries early in the book to avoid confusion and tell what subject matter they include in order to make referencing them easier. There is a glossary in the guide, but no acronym list, which is essential particularly in light of the renaming and adding of roles and processes. Inclusion of a compact disc containing a searchable soft copy of the book would be very helpful in studying the subject.Although this book was very well written for its time, it is very much out of date and needs to be updated along with the test it serves. I would not recommend reading or studying this as it will only confuse someone who is currently involved in or wishes to be involved in modern RMF program Assessments and Authorization processes. I have been told that a new test and training materials are being developed by (ISC)2 to update this certification. It is suggested that candidates wait for the new updated test and study materials before studying for the CAP certification. I hope my review will aid them in this effort. In the mean time I would wait for the new material before voyaging forward on a CAPP certification.
I have done most of the material covered in the book as part of my job in the past. The book was somewhat helpful, but as other reviewers have noted some of the material is outdated or otherwise incorrect. Fortunately by studying with the book as well as rereading the appropriate NIST documents I was able to pass the CAP exam the first time I took it.
It reads like a dictionary and is not focused on exam topics. I have been doing this kind of work for years and have been CISSP since 2001. This book was more confusing than helpful because it is written so badly. It is just long winded vague and their is no effort to map it to a job skill. It is PURELY CONCEPTUAL. It will make reference to a specific NIST document, but it will not put any context to statements, the graphics are average to poor and generally the book puts you to sleep. I recommend a third party book if you are preparing for the exam or a 3rd party class if you are attempting to gain the skills.
I had a hard time reading this book (I made it ~ 20 pages). There are repeated references to DITSCAP and DIACAP terms that are not used in NIST terminology that drove me crazy. Needless to say I didn't read it at all for the exam. Stuck with the primary references (NIST SP Pubs) and still passed the exam. Seemed like he tried to regurgitate what he had in the DIACAP book with a sprinkling of RMF vernacular.
A good study guide and informative. I wish the book also came with some practice tests on CD or something similar. Also, full copies of the most recent policies and publications that are referenced through out the book would have helped immensely instead of having to spend time finding them on my own, from websites that are usually secured from the average user not working from a DoD network.
Its a read like all ISC books, but the content is pretty straight forward and the flow is logical, I will say that as a DoD IA professional there are some inaccuracies in the book, re: the book states that Physical (DoD 8500 PExx etc..) controls are inherited controls, this is not always true, it depends on the task, as an example, on an Army task I was on doing testing and C&A leading to issuance of an ATO all Physical and Personnel controls were NOT inherited, they were considered shared, shared by the site (in this case TRADOC) and Ft Eustis, both entities shared the responsibility and as the accrediting entity we could not write the controls off as "inherited" they either passed or failed-as directed by the Army ODAA, so as with all INFOSEC/IA/Info Security controls, either DoD 8500 or NIST 800.53, they are often very specific to the site environment, task, and branch and variances do exist, it is not always so cut and dry.
Well written book! I've used this book with my students at the University of Alabama in Huntsville (UAH) to teach the CAP certification course. There are a few things that have changed and as such should be updated, but that is to be expected in the technology field. The idea is that you use this book as a supplement to the published NIST and FIPS guidance.
The theoretical and practical exposition of the book.
Official (ISC)2® Guide to the CAP® CBK® ((ISC)2 Press) PDF
Official (ISC)2® Guide to the CAP® CBK® ((ISC)2 Press) EPub
Official (ISC)2® Guide to the CAP® CBK® ((ISC)2 Press) Doc
Official (ISC)2® Guide to the CAP® CBK® ((ISC)2 Press) iBooks
Official (ISC)2® Guide to the CAP® CBK® ((ISC)2 Press) rtf
Official (ISC)2® Guide to the CAP® CBK® ((ISC)2 Press) Mobipocket
Official (ISC)2® Guide to the CAP® CBK® ((ISC)2 Press) Kindle
Tidak ada komentar:
Posting Komentar