Rabu, 01 April 2015

Download Ebook Official (ISC)2® Guide to the CAP® CBK® ((ISC)2 Press)

Download Ebook Official (ISC)2® Guide to the CAP® CBK® ((ISC)2 Press)

The book with that Official (ISC)2® Guide To The CAP® CBK® ((ISC)2 Press) has the some motivations the motivations can be taken for you that plan such a new service. When you have no suggestion to plan exactly what to do, this book will help you. It takes place when you count review it perfectly as well as get it unbelievably. Are you interested to read it? Allow's take couple of minutes to handle this publication and afterwards take it as reading product.

Official (ISC)2® Guide to the CAP® CBK® ((ISC)2 Press)

Official (ISC)2® Guide to the CAP® CBK® ((ISC)2 Press)


Official (ISC)2® Guide to the CAP® CBK® ((ISC)2 Press)


Download Ebook Official (ISC)2® Guide to the CAP® CBK® ((ISC)2 Press)

Official (ISC)2® Guide To The CAP® CBK® ((ISC)2 Press). The developed modern technology, nowadays support every little thing the human requirements. It includes the day-to-day activities, jobs, office, amusement, and also more. One of them is the wonderful website link as well as computer system. This condition will reduce you to sustain among your pastimes, reviewing habit. So, do you have going to review this publication Official (ISC)2® Guide To The CAP® CBK® ((ISC)2 Press) now?

It's needed currently to possess this publication by you. It is not as difficult as formerly to discover a book. The modern-day technology always is the very best means to discover something. As here, we are the website that always provides guide that you require. As Official (ISC)2® Guide To The CAP® CBK® ((ISC)2 Press), we offer it in the soft documents. You might not to publish it and also get it as papers as well as pilled one at a time. Reading this book in computer device or laptop computer can be additionally very same. Additionally, you can additionally review it on your gadget or Smartphone. Now, that's readily available enough.

This Official (ISC)2® Guide To The CAP® CBK® ((ISC)2 Press) belongs to the soft file book that we provide in this on-line website. You may find this kind of books and other collective books in this website actually. By clicking the link that we offer, you can go to the book site and enjoy it. Saving the soft file of this book becomes what you can overcome to read it everywhere. This way can evoke the break boredom that you can feel. It will also be a good way to save the file in the gadget or tablet, so you can read it any time.

Nowadays, the innovative modern technology always offers the remarkable functions of exactly how this book. Everyone will have to get such specific analysis material, concerning science or fictions; it will certainly rely on their conception. Occasionally, you will certainly need social or science book to check out. Sometimes, you require the fiction or literature book to have even more home entertainment. It will guarantee your condition to get more inspiration as well as experience of reading a publication.

Official (ISC)2® Guide to the CAP® CBK® ((ISC)2 Press)

Review

Praise for the popular first edition: This book focuses on the processes that must be employed by an organization to establish a certification and accreditation program based on current federal government criteria… Pat has structured this book to address the key issues in certification and accreditation, including roles and responsibilities, the life cycle, and even a discussion of pitfalls to avoid. As with all of Pat’s work, he provides the reader with practical information on what works and what does not … Even if government certification and accreditation is not your concern, the new ISO 27002 (formerly ISO17799) will require all of us to look for a process to make certification and accreditation bearable. Pat has succeeded in doing just that with this practical and readable book.―Thomas R. Peltier, Peltier Associates, Member of the ISSA Hall of Fame

Read more

About the Author

Patrick D. Howard, CISSP, CISM, is a senior consultant for SecureInfo, a Kratos Company. He has over 40 years experience in security, including 20 years service as a U.S. Army Military Police officer, and has specialized in information security since 1989. Mr. Howard began his service as the Chief Information Security Officer for the National Science Foundation’s Antarctic Support Contract in Centennial, Colorado in March 2012. He previously served as CISO for the Nuclear Regulatory Commission in Rockville, Maryland from 2008–2012, and for the Department of Housing and Urban Development from 2005–2008. Mr. Howard was named a Fed 100 winner in 2007, and is the author of three information security books: The Total CISSP Exam Prep Book, 2002; Building and Implementing a Security Certification and Accreditation Program, 2006; and Beyond Compliance: FISMA Principles and Best Practices, 2011. He is a member of the International Information Systems Security Certification Consortium’s Government Advisory Board and Executive Writer’s Bureau, which he chairs. Mr. Howard is also an adjunct professor of Information Assurance at Walsh College, Troy Michigan. He graduated with a Bachelor’s degree from the University of Oklahoma in 1971 and a Master’s degree from Boston University in 1984.

Read more

Product details

Series: (ISC)2 Press

Hardcover: 462 pages

Publisher: Auerbach Publications; 2 edition (July 18, 2012)

Language: English

ISBN-10: 1439820759

ISBN-13: 978-1439820759

Product Dimensions:

7 x 1 x 10 inches

Shipping Weight: 2.2 pounds (View shipping rates and policies)

Average Customer Review:

3.7 out of 5 stars

26 customer reviews

Amazon Best Sellers Rank:

#50,364 in Books (See Top 100 in Books)

OFFICCIAL (ISC)2 GUIDE TO THE CAP CBK, Second EditionBy Patrick D. Howard, CISSP, CISMPublished 2012USBN 978-1-4398-2075Steven EddySept 1, 2017The author has done a great job given the state of the Risk Management Framework (RMF) at the time. He was involved in one of the first RMF assessments which was for the Department of Transportation. This was before the DOD requirement to transition from the DIACAP Certification and Accreditation process to the RMF Assessment and Accreditation (A&A) process. NIST Special Publication 800-37Revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems a Security Life Cycle Approach is the overarching document for RMF. The problem with this book is that RMF has matured much since it was written. Assessment and Accreditation have been increasingly automated. The process has become more complicated and complex. Roll names have changed almost entirely. Practical steps required for a modern A&A process are not given. DISA’s Enterprise Mission Assurance Support Service (eMASS) application and website is essential and mandatory in prosecuting a modern A&A effort. eMASS uploads Excel test result spreadsheets and scans, creates the System Security Plan, the POAM, the Implementation Plan, the Risk Assessment Plan (RAR) and the Security Assessment Plan (SAR). Many new roles such as the Security Control Assessor – Reviewer (SCA-R) and Security Control Assessor- Verifier (SCA-V) are not mentioned, although they are two of the most critical roles. The execution of these roles are also accomplished in eMASS.An essential first element in categorizing systems is DoD information technology (IT) is broadly grouped as DoD information systems (IS), platform information technology (PIT) systems. This is not covered. Nor is one of the main advantages of RMF, reciprocity. Reciprocity is the ability to use authorizations of other similar systems to inherit compliance for security controls to a new system, avoiding redundant time and effort. Additionally, in categorization, there are also now categories of Very Low and Very High in addition to the Low, Moderate and High of the past. There is no mention of the Initial Approval to Test, which provides for testing of the system before production development takes place to prove the system concept is workable.FIPS, NIST and CNSS publications need to include titles, and brief summaries early in the book to avoid confusion and tell what subject matter they include in order to make referencing them easier. There is a glossary in the guide, but no acronym list, which is essential particularly in light of the renaming and adding of roles and processes. Inclusion of a compact disc containing a searchable soft copy of the book would be very helpful in studying the subject.Although this book was very well written for its time, it is very much out of date and needs to be updated along with the test it serves. I would not recommend reading or studying this as it will only confuse someone who is currently involved in or wishes to be involved in modern RMF program Assessments and Authorization processes. I have been told that a new test and training materials are being developed by (ISC)2 to update this certification. It is suggested that candidates wait for the new updated test and study materials before studying for the CAP certification. I hope my review will aid them in this effort. In the mean time I would wait for the new material before voyaging forward on a CAPP certification.

I have done most of the material covered in the book as part of my job in the past. The book was somewhat helpful, but as other reviewers have noted some of the material is outdated or otherwise incorrect. Fortunately by studying with the book as well as rereading the appropriate NIST documents I was able to pass the CAP exam the first time I took it.

It reads like a dictionary and is not focused on exam topics. I have been doing this kind of work for years and have been CISSP since 2001. This book was more confusing than helpful because it is written so badly. It is just long winded vague and their is no effort to map it to a job skill. It is PURELY CONCEPTUAL. It will make reference to a specific NIST document, but it will not put any context to statements, the graphics are average to poor and generally the book puts you to sleep. I recommend a third party book if you are preparing for the exam or a 3rd party class if you are attempting to gain the skills.

I had a hard time reading this book (I made it ~ 20 pages). There are repeated references to DITSCAP and DIACAP terms that are not used in NIST terminology that drove me crazy. Needless to say I didn't read it at all for the exam. Stuck with the primary references (NIST SP Pubs) and still passed the exam. Seemed like he tried to regurgitate what he had in the DIACAP book with a sprinkling of RMF vernacular.

A good study guide and informative. I wish the book also came with some practice tests on CD or something similar. Also, full copies of the most recent policies and publications that are referenced through out the book would have helped immensely instead of having to spend time finding them on my own, from websites that are usually secured from the average user not working from a DoD network.

Its a read like all ISC books, but the content is pretty straight forward and the flow is logical, I will say that as a DoD IA professional there are some inaccuracies in the book, re: the book states that Physical (DoD 8500 PExx etc..) controls are inherited controls, this is not always true, it depends on the task, as an example, on an Army task I was on doing testing and C&A leading to issuance of an ATO all Physical and Personnel controls were NOT inherited, they were considered shared, shared by the site (in this case TRADOC) and Ft Eustis, both entities shared the responsibility and as the accrediting entity we could not write the controls off as "inherited" they either passed or failed-as directed by the Army ODAA, so as with all INFOSEC/IA/Info Security controls, either DoD 8500 or NIST 800.53, they are often very specific to the site environment, task, and branch and variances do exist, it is not always so cut and dry.

Well written book! I've used this book with my students at the University of Alabama in Huntsville (UAH) to teach the CAP certification course. There are a few things that have changed and as such should be updated, but that is to be expected in the technology field. The idea is that you use this book as a supplement to the published NIST and FIPS guidance.

The theoretical and practical exposition of the book.

Official (ISC)2® Guide to the CAP® CBK® ((ISC)2 Press) PDF
Official (ISC)2® Guide to the CAP® CBK® ((ISC)2 Press) EPub
Official (ISC)2® Guide to the CAP® CBK® ((ISC)2 Press) Doc
Official (ISC)2® Guide to the CAP® CBK® ((ISC)2 Press) iBooks
Official (ISC)2® Guide to the CAP® CBK® ((ISC)2 Press) rtf
Official (ISC)2® Guide to the CAP® CBK® ((ISC)2 Press) Mobipocket
Official (ISC)2® Guide to the CAP® CBK® ((ISC)2 Press) Kindle

Official (ISC)2® Guide to the CAP® CBK® ((ISC)2 Press) PDF

Official (ISC)2® Guide to the CAP® CBK® ((ISC)2 Press) PDF

Official (ISC)2® Guide to the CAP® CBK® ((ISC)2 Press) PDF
Official (ISC)2® Guide to the CAP® CBK® ((ISC)2 Press) PDF

0 komentar:

Posting Komentar

Popular Posts

Recent Posts

Categories

Unordered List

Text Widget

Blog Archive