PDF Ebook Official (ISC)2® Guide to the CAP® CBK® ((ISC)2 Press)
Do not make you feel hard when looking for publication that you will check out to save your time. Book is always prominent in every time, every era, and also every age. All people will require book as referral to do something. When you have no ideas about just what to do in this spare time, get Official (ISC)2® Guide To The CAP® CBK® ((ISC)2 Press) as one of the reference books that we supply! Offering special publications are so enjoyable for us. It is so very easy to provide kindness for everyone.
Official (ISC)2® Guide to the CAP® CBK® ((ISC)2 Press)
PDF Ebook Official (ISC)2® Guide to the CAP® CBK® ((ISC)2 Press)
Make use of the sophisticated modern technology that human creates now to find guide Official (ISC)2® Guide To The CAP® CBK® ((ISC)2 Press) quickly. However first, we will certainly ask you, just how much do you love to check out a book Official (ISC)2® Guide To The CAP® CBK® ((ISC)2 Press) Does it always until coating? For what does that book read? Well, if you actually enjoy reading, try to review the Official (ISC)2® Guide To The CAP® CBK® ((ISC)2 Press) as one of your reading collection. If you only read the book based on demand at the time as well as unfinished, you should attempt to like reading Official (ISC)2® Guide To The CAP® CBK® ((ISC)2 Press) initially.
Yeah, when trying to review a new book as this Official (ISC)2® Guide To The CAP® CBK® ((ISC)2 Press), you could begin with specific time as well as place. Structure interest in reading this publication or every publication is needed. The soft file of this book that is supplied will be conserved in such specific library. If you really have ready to read it, just adhere to the compassion of the life. It will certainly boost your quality of the life nevertheless is the duty. To see exactly how you can get guide, this is much suggested to as soon as possible. You could take different time of the begin to review.
Checking out most definitely this publication can create the specific requirement and also severe means to go through and also overcome this trouble. Book as a home window of the world can have the exact circumstance of exactly how this book exists. Official (ISC)2® Guide To The CAP® CBK® ((ISC)2 Press) as we suggest being prospect to review has some developments. Besides it is seen from very same topic as you require, it has likewise fascinating title to check out. You could also see how the design of the cover is stylised. They are really well done without disappointment.
Thinking about guide Official (ISC)2® Guide To The CAP® CBK® ((ISC)2 Press) to read is likewise needed. You can decide on the book based upon the preferred styles that you like. It will certainly engage you to like reviewing various other publications Official (ISC)2® Guide To The CAP® CBK® ((ISC)2 Press) It can be likewise about the necessity that binds you to check out the book. As this Official (ISC)2® Guide To The CAP® CBK® ((ISC)2 Press), you can find it as your reading publication, even your favourite reading publication. So, locate your favourite publication right here and also obtain the connect to download and install the book soft data.
Review
Praise for the popular first edition: This book focuses on the processes that must be employed by an organization to establish a certification and accreditation program based on current federal government criteria… Pat has structured this book to address the key issues in certification and accreditation, including roles and responsibilities, the life cycle, and even a discussion of pitfalls to avoid. As with all of Pat’s work, he provides the reader with practical information on what works and what does not … Even if government certification and accreditation is not your concern, the new ISO 27002 (formerly ISO17799) will require all of us to look for a process to make certification and accreditation bearable. Pat has succeeded in doing just that with this practical and readable book.―Thomas R. Peltier, Peltier Associates, Member of the ISSA Hall of Fame
Read more
About the Author
Patrick D. Howard, CISSP, CISM, is a senior consultant for SecureInfo, a Kratos Company. He has over 40 years experience in security, including 20 years service as a U.S. Army Military Police officer, and has specialized in information security since 1989. Mr. Howard began his service as the Chief Information Security Officer for the National Science Foundation’s Antarctic Support Contract in Centennial, Colorado in March 2012. He previously served as CISO for the Nuclear Regulatory Commission in Rockville, Maryland from 2008–2012, and for the Department of Housing and Urban Development from 2005–2008. Mr. Howard was named a Fed 100 winner in 2007, and is the author of three information security books: The Total CISSP Exam Prep Book, 2002; Building and Implementing a Security Certification and Accreditation Program, 2006; and Beyond Compliance: FISMA Principles and Best Practices, 2011. He is a member of the International Information Systems Security Certification Consortium’s Government Advisory Board and Executive Writer’s Bureau, which he chairs. Mr. Howard is also an adjunct professor of Information Assurance at Walsh College, Troy Michigan. He graduated with a Bachelor’s degree from the University of Oklahoma in 1971 and a Master’s degree from Boston University in 1984.
Read more
Product details
Series: (ISC)2 Press
Hardcover: 462 pages
Publisher: Auerbach Publications; 2 edition (July 18, 2012)
Language: English
ISBN-10: 1439820759
ISBN-13: 978-1439820759
Product Dimensions:
7 x 1 x 10 inches
Shipping Weight: 2.2 pounds (View shipping rates and policies)
Average Customer Review:
3.7 out of 5 stars
26 customer reviews
Amazon Best Sellers Rank:
#50,364 in Books (See Top 100 in Books)
OFFICCIAL (ISC)2 GUIDE TO THE CAP CBK, Second EditionBy Patrick D. Howard, CISSP, CISMPublished 2012USBN 978-1-4398-2075Steven EddySept 1, 2017The author has done a great job given the state of the Risk Management Framework (RMF) at the time. He was involved in one of the first RMF assessments which was for the Department of Transportation. This was before the DOD requirement to transition from the DIACAP Certification and Accreditation process to the RMF Assessment and Accreditation (A&A) process. NIST Special Publication 800-37Revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems a Security Life Cycle Approach is the overarching document for RMF. The problem with this book is that RMF has matured much since it was written. Assessment and Accreditation have been increasingly automated. The process has become more complicated and complex. Roll names have changed almost entirely. Practical steps required for a modern A&A process are not given. DISA’s Enterprise Mission Assurance Support Service (eMASS) application and website is essential and mandatory in prosecuting a modern A&A effort. eMASS uploads Excel test result spreadsheets and scans, creates the System Security Plan, the POAM, the Implementation Plan, the Risk Assessment Plan (RAR) and the Security Assessment Plan (SAR). Many new roles such as the Security Control Assessor – Reviewer (SCA-R) and Security Control Assessor- Verifier (SCA-V) are not mentioned, although they are two of the most critical roles. The execution of these roles are also accomplished in eMASS.An essential first element in categorizing systems is DoD information technology (IT) is broadly grouped as DoD information systems (IS), platform information technology (PIT) systems. This is not covered. Nor is one of the main advantages of RMF, reciprocity. Reciprocity is the ability to use authorizations of other similar systems to inherit compliance for security controls to a new system, avoiding redundant time and effort. Additionally, in categorization, there are also now categories of Very Low and Very High in addition to the Low, Moderate and High of the past. There is no mention of the Initial Approval to Test, which provides for testing of the system before production development takes place to prove the system concept is workable.FIPS, NIST and CNSS publications need to include titles, and brief summaries early in the book to avoid confusion and tell what subject matter they include in order to make referencing them easier. There is a glossary in the guide, but no acronym list, which is essential particularly in light of the renaming and adding of roles and processes. Inclusion of a compact disc containing a searchable soft copy of the book would be very helpful in studying the subject.Although this book was very well written for its time, it is very much out of date and needs to be updated along with the test it serves. I would not recommend reading or studying this as it will only confuse someone who is currently involved in or wishes to be involved in modern RMF program Assessments and Authorization processes. I have been told that a new test and training materials are being developed by (ISC)2 to update this certification. It is suggested that candidates wait for the new updated test and study materials before studying for the CAP certification. I hope my review will aid them in this effort. In the mean time I would wait for the new material before voyaging forward on a CAPP certification.
I have done most of the material covered in the book as part of my job in the past. The book was somewhat helpful, but as other reviewers have noted some of the material is outdated or otherwise incorrect. Fortunately by studying with the book as well as rereading the appropriate NIST documents I was able to pass the CAP exam the first time I took it.
It reads like a dictionary and is not focused on exam topics. I have been doing this kind of work for years and have been CISSP since 2001. This book was more confusing than helpful because it is written so badly. It is just long winded vague and their is no effort to map it to a job skill. It is PURELY CONCEPTUAL. It will make reference to a specific NIST document, but it will not put any context to statements, the graphics are average to poor and generally the book puts you to sleep. I recommend a third party book if you are preparing for the exam or a 3rd party class if you are attempting to gain the skills.
I had a hard time reading this book (I made it ~ 20 pages). There are repeated references to DITSCAP and DIACAP terms that are not used in NIST terminology that drove me crazy. Needless to say I didn't read it at all for the exam. Stuck with the primary references (NIST SP Pubs) and still passed the exam. Seemed like he tried to regurgitate what he had in the DIACAP book with a sprinkling of RMF vernacular.
A good study guide and informative. I wish the book also came with some practice tests on CD or something similar. Also, full copies of the most recent policies and publications that are referenced through out the book would have helped immensely instead of having to spend time finding them on my own, from websites that are usually secured from the average user not working from a DoD network.
Its a read like all ISC books, but the content is pretty straight forward and the flow is logical, I will say that as a DoD IA professional there are some inaccuracies in the book, re: the book states that Physical (DoD 8500 PExx etc..) controls are inherited controls, this is not always true, it depends on the task, as an example, on an Army task I was on doing testing and C&A leading to issuance of an ATO all Physical and Personnel controls were NOT inherited, they were considered shared, shared by the site (in this case TRADOC) and Ft Eustis, both entities shared the responsibility and as the accrediting entity we could not write the controls off as "inherited" they either passed or failed-as directed by the Army ODAA, so as with all INFOSEC/IA/Info Security controls, either DoD 8500 or NIST 800.53, they are often very specific to the site environment, task, and branch and variances do exist, it is not always so cut and dry.
Well written book! I've used this book with my students at the University of Alabama in Huntsville (UAH) to teach the CAP certification course. There are a few things that have changed and as such should be updated, but that is to be expected in the technology field. The idea is that you use this book as a supplement to the published NIST and FIPS guidance.
The theoretical and practical exposition of the book.
Official (ISC)2® Guide to the CAP® CBK® ((ISC)2 Press) PDF
Official (ISC)2® Guide to the CAP® CBK® ((ISC)2 Press) EPub
Official (ISC)2® Guide to the CAP® CBK® ((ISC)2 Press) Doc
Official (ISC)2® Guide to the CAP® CBK® ((ISC)2 Press) iBooks
Official (ISC)2® Guide to the CAP® CBK® ((ISC)2 Press) rtf
Official (ISC)2® Guide to the CAP® CBK® ((ISC)2 Press) Mobipocket
Official (ISC)2® Guide to the CAP® CBK® ((ISC)2 Press) Kindle
0 komentar:
Posting Komentar