Free Ebook Official (ISC)2® Guide to the CAP® CBK® ((ISC)2 Press)
If Official (ISC)2® Guide To The CAP® CBK® ((ISC)2 Press) is one of the alternatives to review guide, you could follow just what we will inform you currently. Finding the book may need even more times when you are browsing from shop to shop. We have brand-new way to lead you get this book quickly. By visiting this page, it comes to be the firsts step to get guide carefully. This page is sort of online library that offers so numerous book collections.
Official (ISC)2® Guide to the CAP® CBK® ((ISC)2 Press)
Free Ebook Official (ISC)2® Guide to the CAP® CBK® ((ISC)2 Press)
Outstanding Official (ISC)2® Guide To The CAP® CBK® ((ISC)2 Press) publication is always being the best pal for investing little time in your workplace, evening time, bus, as well as almost everywhere. It will be an excellent way to just look, open, and review the book Official (ISC)2® Guide To The CAP® CBK® ((ISC)2 Press) while in that time. As known, experience as well as skill do not consistently come with the much money to obtain them. Reading this book with the title Official (ISC)2® Guide To The CAP® CBK® ((ISC)2 Press) will allow you understand a lot more things.
As understood, lots of people say that books are the custom windows for the world. It does not mean that acquiring publication Official (ISC)2® Guide To The CAP® CBK® ((ISC)2 Press) will suggest that you could get this globe. Simply for joke! Reviewing a publication Official (ISC)2® Guide To The CAP® CBK® ((ISC)2 Press) will certainly opened up an individual to believe far better, to maintain smile, to amuse themselves, and to urge the understanding. Every book additionally has their characteristic to affect the viewers. Have you understood why you read this Official (ISC)2® Guide To The CAP® CBK® ((ISC)2 Press) for?
Correct feels, appropriate truths, and proper subjects could come to be the factors of why you read a publication. However, to make you feel so completely satisfied, you could take Official (ISC)2® Guide To The CAP® CBK® ((ISC)2 Press) as one of the resources. It is actually matched to be the reading book for a person like you, who really need sources concerning the subject. The topic is actually flourishing now as well as getting the latest publication could aid you locate the latest answer as well as facts.
To get what you really intend to make, reading this book can be attained every single time you have opportunity to check out. Yeah, reading is a needs to from everyone, not just when you are being in the college. Reading will make you smarter as well as better in knowledge and also lessons. Numerous experiences can be likewise obtained from reading only. So, be a good idea to get all those benefits from Official (ISC)2® Guide To The CAP® CBK® ((ISC)2 Press) to check out and also end up.
Review
Praise for the popular first edition: This book focuses on the processes that must be employed by an organization to establish a certification and accreditation program based on current federal government criteria… Pat has structured this book to address the key issues in certification and accreditation, including roles and responsibilities, the life cycle, and even a discussion of pitfalls to avoid. As with all of Pat’s work, he provides the reader with practical information on what works and what does not … Even if government certification and accreditation is not your concern, the new ISO 27002 (formerly ISO17799) will require all of us to look for a process to make certification and accreditation bearable. Pat has succeeded in doing just that with this practical and readable book.―Thomas R. Peltier, Peltier Associates, Member of the ISSA Hall of Fame
Read more
About the Author
Patrick D. Howard, CISSP, CISM, is a senior consultant for SecureInfo, a Kratos Company. He has over 40 years experience in security, including 20 years service as a U.S. Army Military Police officer, and has specialized in information security since 1989. Mr. Howard began his service as the Chief Information Security Officer for the National Science Foundation’s Antarctic Support Contract in Centennial, Colorado in March 2012. He previously served as CISO for the Nuclear Regulatory Commission in Rockville, Maryland from 2008–2012, and for the Department of Housing and Urban Development from 2005–2008. Mr. Howard was named a Fed 100 winner in 2007, and is the author of three information security books: The Total CISSP Exam Prep Book, 2002; Building and Implementing a Security Certification and Accreditation Program, 2006; and Beyond Compliance: FISMA Principles and Best Practices, 2011. He is a member of the International Information Systems Security Certification Consortium’s Government Advisory Board and Executive Writer’s Bureau, which he chairs. Mr. Howard is also an adjunct professor of Information Assurance at Walsh College, Troy Michigan. He graduated with a Bachelor’s degree from the University of Oklahoma in 1971 and a Master’s degree from Boston University in 1984.
Read more
Product details
Series: (ISC)2 Press
Hardcover: 462 pages
Publisher: Auerbach Publications; 2 edition (July 18, 2012)
Language: English
ISBN-10: 1439820759
ISBN-13: 978-1439820759
Product Dimensions:
7 x 1 x 10 inches
Shipping Weight: 2.2 pounds (View shipping rates and policies)
Average Customer Review:
3.7 out of 5 stars
26 customer reviews
Amazon Best Sellers Rank:
#50,364 in Books (See Top 100 in Books)
OFFICCIAL (ISC)2 GUIDE TO THE CAP CBK, Second EditionBy Patrick D. Howard, CISSP, CISMPublished 2012USBN 978-1-4398-2075Steven EddySept 1, 2017The author has done a great job given the state of the Risk Management Framework (RMF) at the time. He was involved in one of the first RMF assessments which was for the Department of Transportation. This was before the DOD requirement to transition from the DIACAP Certification and Accreditation process to the RMF Assessment and Accreditation (A&A) process. NIST Special Publication 800-37Revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems a Security Life Cycle Approach is the overarching document for RMF. The problem with this book is that RMF has matured much since it was written. Assessment and Accreditation have been increasingly automated. The process has become more complicated and complex. Roll names have changed almost entirely. Practical steps required for a modern A&A process are not given. DISA’s Enterprise Mission Assurance Support Service (eMASS) application and website is essential and mandatory in prosecuting a modern A&A effort. eMASS uploads Excel test result spreadsheets and scans, creates the System Security Plan, the POAM, the Implementation Plan, the Risk Assessment Plan (RAR) and the Security Assessment Plan (SAR). Many new roles such as the Security Control Assessor – Reviewer (SCA-R) and Security Control Assessor- Verifier (SCA-V) are not mentioned, although they are two of the most critical roles. The execution of these roles are also accomplished in eMASS.An essential first element in categorizing systems is DoD information technology (IT) is broadly grouped as DoD information systems (IS), platform information technology (PIT) systems. This is not covered. Nor is one of the main advantages of RMF, reciprocity. Reciprocity is the ability to use authorizations of other similar systems to inherit compliance for security controls to a new system, avoiding redundant time and effort. Additionally, in categorization, there are also now categories of Very Low and Very High in addition to the Low, Moderate and High of the past. There is no mention of the Initial Approval to Test, which provides for testing of the system before production development takes place to prove the system concept is workable.FIPS, NIST and CNSS publications need to include titles, and brief summaries early in the book to avoid confusion and tell what subject matter they include in order to make referencing them easier. There is a glossary in the guide, but no acronym list, which is essential particularly in light of the renaming and adding of roles and processes. Inclusion of a compact disc containing a searchable soft copy of the book would be very helpful in studying the subject.Although this book was very well written for its time, it is very much out of date and needs to be updated along with the test it serves. I would not recommend reading or studying this as it will only confuse someone who is currently involved in or wishes to be involved in modern RMF program Assessments and Authorization processes. I have been told that a new test and training materials are being developed by (ISC)2 to update this certification. It is suggested that candidates wait for the new updated test and study materials before studying for the CAP certification. I hope my review will aid them in this effort. In the mean time I would wait for the new material before voyaging forward on a CAPP certification.
I have done most of the material covered in the book as part of my job in the past. The book was somewhat helpful, but as other reviewers have noted some of the material is outdated or otherwise incorrect. Fortunately by studying with the book as well as rereading the appropriate NIST documents I was able to pass the CAP exam the first time I took it.
It reads like a dictionary and is not focused on exam topics. I have been doing this kind of work for years and have been CISSP since 2001. This book was more confusing than helpful because it is written so badly. It is just long winded vague and their is no effort to map it to a job skill. It is PURELY CONCEPTUAL. It will make reference to a specific NIST document, but it will not put any context to statements, the graphics are average to poor and generally the book puts you to sleep. I recommend a third party book if you are preparing for the exam or a 3rd party class if you are attempting to gain the skills.
I had a hard time reading this book (I made it ~ 20 pages). There are repeated references to DITSCAP and DIACAP terms that are not used in NIST terminology that drove me crazy. Needless to say I didn't read it at all for the exam. Stuck with the primary references (NIST SP Pubs) and still passed the exam. Seemed like he tried to regurgitate what he had in the DIACAP book with a sprinkling of RMF vernacular.
A good study guide and informative. I wish the book also came with some practice tests on CD or something similar. Also, full copies of the most recent policies and publications that are referenced through out the book would have helped immensely instead of having to spend time finding them on my own, from websites that are usually secured from the average user not working from a DoD network.
Its a read like all ISC books, but the content is pretty straight forward and the flow is logical, I will say that as a DoD IA professional there are some inaccuracies in the book, re: the book states that Physical (DoD 8500 PExx etc..) controls are inherited controls, this is not always true, it depends on the task, as an example, on an Army task I was on doing testing and C&A leading to issuance of an ATO all Physical and Personnel controls were NOT inherited, they were considered shared, shared by the site (in this case TRADOC) and Ft Eustis, both entities shared the responsibility and as the accrediting entity we could not write the controls off as "inherited" they either passed or failed-as directed by the Army ODAA, so as with all INFOSEC/IA/Info Security controls, either DoD 8500 or NIST 800.53, they are often very specific to the site environment, task, and branch and variances do exist, it is not always so cut and dry.
Well written book! I've used this book with my students at the University of Alabama in Huntsville (UAH) to teach the CAP certification course. There are a few things that have changed and as such should be updated, but that is to be expected in the technology field. The idea is that you use this book as a supplement to the published NIST and FIPS guidance.
The theoretical and practical exposition of the book.
Official (ISC)2® Guide to the CAP® CBK® ((ISC)2 Press) PDF
Official (ISC)2® Guide to the CAP® CBK® ((ISC)2 Press) EPub
Official (ISC)2® Guide to the CAP® CBK® ((ISC)2 Press) Doc
Official (ISC)2® Guide to the CAP® CBK® ((ISC)2 Press) iBooks
Official (ISC)2® Guide to the CAP® CBK® ((ISC)2 Press) rtf
Official (ISC)2® Guide to the CAP® CBK® ((ISC)2 Press) Mobipocket
Official (ISC)2® Guide to the CAP® CBK® ((ISC)2 Press) Kindle
0 comments:
Post a Comment