Download Ebook Official (ISC)2® Guide to the CAP® CBK® ((ISC)2 Press)

The advantages to consider checking out the publications Official (ISC)2® Guide To The CAP® CBK® ((ISC)2 Press) are coming to boost your life top quality. The life top quality will not simply concerning how much understanding you will certainly gain. Even you check out the fun or amusing books, it will certainly assist you to have enhancing life top quality. Really feeling enjoyable will certainly lead you to do something perfectly. Additionally, guide Official (ISC)2® Guide To The CAP® CBK® ((ISC)2 Press) will give you the lesson to take as a good reason to do something. You could not be worthless when reading this publication Official (ISC)2® Guide To The CAP® CBK® ((ISC)2 Press)

Presenting this publication in soft data form is actually enjoyable. Yeah, this book will certainly exist in different method, as just what you want to get now. Even this is a soft file; you could enjoy just how guide will influence you. By reading it, you could obtain not just the inspiring publication but likewise the representative most current book collection. Well, exactly what is the book? Official (ISC)2® Guide To The CAP® CBK® ((ISC)2 Press), as one of the most preferred books in the world. So, you need to review it.

But, after finding this web site you could not be question as well as feel hard any more. It seems that this web site provides the most effective collections of guide to review. When you have an interest in such topic, Official (ISC)2® Guide To The CAP® CBK® ((ISC)2 Press) can be a selection. Wow, like this book a lot. Do you feel the very same? Well, in fact, it's not going to be hard when anticipating this publication as the reading product. After finding the fantastic internet site as this on-line library, we will be so very easy in finding many styles of books.

Also you have the book to review only; it will certainly not make you really feel that your time is really restricted. It is not just regarding the time that can make you feel so wanted to sign up with the book. When you have picked guide to check out, you can save the moment, even few time to constantly read. When you think that the time is not just for obtaining guide, you could take it here. This is why we involve you to offer the easy methods getting guide.

Your perception of this book Official (ISC)2® Guide To The CAP® CBK® ((ISC)2 Press) will certainly lead you to obtain exactly what you exactly need. As one of the inspiring publications, this book will provide the visibility of this leaded Official (ISC)2® Guide To The CAP® CBK® ((ISC)2 Press) to accumulate. Also it is just soft data; it can be your collective data in gizmo as well as other gadget. The essential is that usage this soft data book Official (ISC)2® Guide To The CAP® CBK® ((ISC)2 Press) to read and also take the benefits. It is what we indicate as publication Official (ISC)2® Guide To The CAP® CBK® ((ISC)2 Press) will certainly boost your thoughts and mind. After that, reviewing publication will certainly likewise boost your life quality a lot better by taking great action in well balanced.

Official (ISC)2® Guide to the CAP® CBK® ((ISC)2 Press)

Review

Praise for the popular first edition: This book focuses on the processes that must be employed by an organization to establish a certification and accreditation program based on current federal government criteria… Pat has structured this book to address the key issues in certification and accreditation, including roles and responsibilities, the life cycle, and even a discussion of pitfalls to avoid. As with all of Pat’s work, he provides the reader with practical information on what works and what does not … Even if government certification and accreditation is not your concern, the new ISO 27002 (formerly ISO17799) will require all of us to look for a process to make certification and accreditation bearable. Pat has succeeded in doing just that with this practical and readable book.―Thomas R. Peltier, Peltier Associates, Member of the ISSA Hall of Fame

About the Author

Patrick D. Howard, CISSP, CISM, is a senior consultant for SecureInfo, a Kratos Company. He has over 40 years experience in security, including 20 years service as a U.S. Army Military Police officer, and has specialized in information security since 1989. Mr. Howard began his service as the Chief Information Security Officer for the National Science Foundation’s Antarctic Support Contract in Centennial, Colorado in March 2012. He previously served as CISO for the Nuclear Regulatory Commission in Rockville, Maryland from 2008–2012, and for the Department of Housing and Urban Development from 2005–2008. Mr. Howard was named a Fed 100 winner in 2007, and is the author of three information security books: The Total CISSP Exam Prep Book, 2002; Building and Implementing a Security Certification and Accreditation Program, 2006; and Beyond Compliance: FISMA Principles and Best Practices, 2011. He is a member of the International Information Systems Security Certification Consortium’s Government Advisory Board and Executive Writer’s Bureau, which he chairs. Mr. Howard is also an adjunct professor of Information Assurance at Walsh College, Troy Michigan. He graduated with a Bachelor’s degree from the University of Oklahoma in 1971 and a Master’s degree from Boston University in 1984.

Product details

Series: (ISC)2 Press

Hardcover: 462 pages

Publisher: Auerbach Publications; 2 edition (July 18, 2012)

Language: English

ISBN-10: 1439820759

ISBN-13: 978-1439820759

Product Dimensions: 7 x 1 x 10 inches

Shipping Weight: 2.2 pounds

Average Customer Review: 3.7 out of 5 stars (26 customer reviews)

Amazon Best Sellers Rank: #50,364 in Books

OFFICIAL (ISC)2 GUIDE TO THE CAP CBK, Second Edition
By Patrick D. Howard, CISSP, CISM
Published 2012
ISBN 978-1-4398-2075
Steven Eddy
Sept 1, 2017

The author has done a great job given the state of the Risk Management Framework (RMF) at the time. He was involved in one of the first RMF assessments, which was for the Department of Transportation. This was before the DOD requirement to transition from the DIACAP Certification and Accreditation process to the RMF Assessment and Accreditation (A&A) process. NIST Special Publication 800-37 Revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems: a Security Life Cycle Approach, is the overarching document for RMF.

The problem with this book is that RMF has matured much since it was written. Assessment and Accreditation have been increasingly automated. The process has become more complicated and complex. Role names have changed almost entirely. Practical steps required for a modern A&A process are not given. DISA's Enterprise Mission Assurance Support Service (eMASS) application and website is essential and mandatory in prosecuting a modern A&A effort. eMASS uploads Excel test result spreadsheets and scans, creates the System Security Plan, the POAM, the Implementation Plan, the Risk Assessment Plan (RAR) and the Security Assessment Plan (SAR). Many new roles such as the Security Control Assessor – Reviewer (SCA-R) and Security Control Assessor – Verifier (SCA-V) are not mentioned, although they are two of the most critical roles. The execution of these roles is also accomplished in eMASS.

An essential first element in categorizing systems is that DoD information technology (IT) is broadly grouped as DoD information systems (IS), platform information technology (PIT) systems. This is not covered. Nor is one of the main advantages of RMF, reciprocity. Reciprocity is the ability to use authorizations of other similar systems to inherit compliance for security controls to a new system, avoiding redundant time and effort. Additionally, in categorization, there are also now categories of Very Low and Very High in addition to the Low, Moderate and High of the past. There is no mention of the Initial Approval to Test, which provides for testing of the system before production development takes place to prove the system concept is workable.

FIPS, NIST and CNSS publications need to include titles and brief summaries early in the book to avoid confusion and tell what subject matter they include in order to make referencing them easier. There is a glossary in the guide, but no acronym list, which is essential particularly in light of the renaming and adding of roles and processes. Inclusion of a compact disc containing a searchable soft copy of the book would be very helpful in studying the subject.

Although this book was very well written for its time, it is very much out of date and needs to be updated along with the test it serves. I would not recommend reading or studying this as it will only confuse someone who is currently involved in or wishes to be involved in modern RMF program Assessments and Authorization processes. I have been told that a new test and training materials are being developed by (ISC)2 to update this certification. It is suggested that candidates wait for the new updated test and study materials before studying for the CAP certification. I hope my review will aid them in this effort. In the meantime I would wait for the new material before voyaging forward on a CAP certification.

I have done most of the material covered in the book as part of my job in the past. The book was somewhat helpful, but as other reviewers have noted some of the material is outdated or otherwise incorrect. Fortunately by studying with the book as well as rereading the appropriate NIST documents I was able to pass the CAP exam the first time I took it.

It reads like a dictionary and is not focused on exam topics. I have been doing this kind of work for years and have been CISSP since 2001. This book was more confusing than helpful because it is written so badly. It is just long-winded, vague, and there is no effort to map it to a job skill. It is PURELY CONCEPTUAL. It will make reference to a specific NIST document, but it will not put any context to statements, the graphics are average to poor and generally the book puts you to sleep. I recommend a third party book if you are preparing for the exam or a 3rd party class if you are attempting to gain the skills.

I had a hard time reading this book (I made it ~ 20 pages). There are repeated references to DITSCAP and DIACAP terms that are not used in NIST terminology that drove me crazy. Needless to say I didn't read it at all for the exam. Stuck with the primary references (NIST SP Pubs) and still passed the exam. Seemed like he tried to regurgitate what he had in the DIACAP book with a sprinkling of RMF vernacular.

A good study guide and informative. I wish the book also came with some practice tests on CD or something similar. Also, full copies of the most recent policies and publications that are referenced throughout the book would have helped immensely instead of having to spend time finding them on my own, from websites that are usually secured from the average user not working from a DoD network.

It's a read like all ISC books, but the content is pretty straight forward and the flow is logical, I will say that as a DoD IA professional there are some inaccuracies in the book, re: the book states that Physical (DoD 8500 PExx etc.) controls are inherited controls, this is not always true, it depends on the task, as an example, on an Army task I was on doing testing and C&A leading to issuance of an ATO all Physical and Personnel controls were NOT inherited, they were considered shared, shared by the site (in this case TRADOC) and Ft Eustis, both entities shared the responsibility and as the accrediting entity we could not write the controls off as "inherited" they either passed or failed-as directed by the Army ODAA, so as with all INFOSEC/IA/Info Security controls, either DoD 8500 or NIST 800.53, they are often very specific to the site environment, task, and branch and variances do exist, it is not always so cut and dry.

Well written book! I've used this book with my students at the University of Alabama in Huntsville (UAH) to teach the CAP certification course. There are a few things that have changed and as such should be updated, but that is to be expected in the technology field. The idea is that you use this book as a supplement to the published NIST and FIPS guidance.

The theoretical and practical exposition of the book.

Official (ISC)2® Guide to the CAP® CBK® ((ISC)2 Press) PDF
Official (ISC)2® Guide to the CAP® CBK® ((ISC)2 Press) EPub
Official (ISC)2® Guide to the CAP® CBK® ((ISC)2 Press) Doc
Official (ISC)2® Guide to the CAP® CBK® ((ISC)2 Press) iBooks
Official (ISC)2® Guide to the CAP® CBK® ((ISC)2 Press) rtf
Official (ISC)2® Guide to the CAP® CBK® ((ISC)2 Press) Mobipocket
Official (ISC)2® Guide to the CAP® CBK® ((ISC)2 Press) Kindle

© 2013 lei-do-funil. All rights reserved.