Official (ISC)2 Guide to the CAP CBK, 2/e (Hardcover)

Patrick D. Howard

  • Publisher: Auerbach Publication
  • Publication date: 2012-07-24
  • List price: $3,340
  • VIP price (5% off): $3,173
  • Language: English
  • Pages: 462
  • Binding: Hardcover
  • ISBN: 1439820759
  • ISBN-13: 9781439820759
  • Categories: Information Security, Information Science
  • Ships immediately (stock: 1)


Product description

Significant developments since the publication of its bestselling predecessor, Building and Implementing a Security Certification and Accreditation Program, warrant an updated text as well as an updated title. Reflecting recent updates to the Certified Authorization Professional (CAP®) Common Body of Knowledge (CBK®) and NIST SP 800-37, the Official (ISC)² Guide to the CAP® CBK®, Second Edition provides readers with the tools to effectively secure their IT systems via standard, repeatable processes.

Derived from the author’s decades of experience, including time as the CISO for the Nuclear Regulatory Commission, the Department of Housing and Urban Development, and the National Science Foundation’s Antarctic Support Contract, the book describes what it takes to build a system security authorization program at the organizational level in both public and private organizations. It analyzes the full range of system security authorization (formerly C&A) processes and explains how they interrelate. Outlining a user-friendly approach for top-down implementation of IT security, the book:

  • Details an approach that simplifies the authorization process, yet still satisfies current federal government criteria
  • Explains how to combine disparate processes into a unified risk management methodology
  • Covers all the topics included in the Certified Authorization Professional (CAP®) Common Body of Knowledge (CBK®)
  • Examines U.S. federal policies, including DITSCAP, NIACAP, CNSS, NIAP, DoD 8500.1 and 8500.2, and NIST FIPS
  • Reviews the tasks involved in certifying and accrediting U.S. government information systems

Chapters 1 through 7 describe each of the domains of the (ISC)² CAP® CBK®. This is followed by a case study on the establishment of a successful system authorization program in a major U.S. government department. The final chapter considers the future of system authorization. The book's appendices include a collection of helpful samples and additional information to provide you with the tools to effectively secure your IT systems.
