Leighton Johnson

Security Controls Evaluation, Testing, and Assessment Handbook, Second Edition, provides a current and well-developed approach to evaluate and test IT security controls to prove they are functioning correctly. This handbook discusses the world of threats and potential breach actions surrounding all industries and systems. Sections cover how to take FISMA, NIST Guidance, and DOD actions, while also providing a detailed, hands-on guide to performing assessment events for information security professionals in US federal agencies. This handbook uses the DOD Knowledge Service and the NIST Families assessment guides as the basis for needs assessment, requirements and evaluation efforts.

Security Controls Evaluation, Testing, and Assessment Handbook provides a current and well-developed approach to evaluation and testing of security controls to prove they are functioning correctly in today's IT systems. This handbook shows you how to evaluate, examine, and test installed security controls in the world of threats and potential breach actions surrounding all industries and systems. If a system is subject to external or internal threats and vulnerabilities - which most are - then this book will provide a useful handbook for how to evaluate the effectiveness of the security controls that are in place. Security Controls Evaluation, Testing, and Assessment Handbook shows you what your security controls are doing and how they are standing up to various inside and outside threats. This handbook provides guidance and techniques for evaluating and testing various computer security controls in IT systems. Author Leighton Johnson shows you how to take FISMA, NIST Guidance, and DOD actions and provide a detailed, hands-on guide to performing assessment events for information security professionals who work with US federal agencies. As of March 2014, all agencies are following the same guidelines under the NIST-based Risk Management Framework. This handbook uses the DOD Knowledge Service and the NIST Families assessment guides as the basis for needs assessment, requirements, and evaluation efforts for all of the security controls. Each of the controls can and should be evaluated in its own unique way, through testing, examination, and key personnel interviews. Each of these methods is discussed.

Computer Incident Response and Forensics Team Management provides security professionals with a complete handbook of computer incident response from the perspective of forensics team management. This unique approach teaches readers the concepts and principles they need to conduct a successful incident response investigation, ensuring that proven policies and procedures are established and followed by all team members. Leighton R. Johnson III describes the processes within an incident response event and shows the crucial importance of skillful forensics team management, including when and where the transition to forensics investigation should occur during an incident response event. The book also provides discussions of key incident response components.