Assessing and Managing Security Risk in IT Systems: A Structured Methodology
Assessing and Managing Security Risk in IT Systems: A Structured Methodology builds upon the original McCumber Cube model to offer proven processes that do not change, even as technology evolves. This book enables you to assess the security attributes of any information system and implement vastly i...
Đã lưu trong:
Tác giả chính: | |
---|---|
Định dạng: | Sách |
Ngôn ngữ: | English |
Được phát hành: |
CRC Press
2009
|
Truy cập trực tuyến: | http://scholar.dlu.edu.vn/thuvienso/handle/DLU123456789/1354 |
Các nhãn: |
Thêm thẻ
Không có thẻ, Là người đầu tiên thẻ bản ghi này!
|
Thư viện lưu trữ: | Thư viện Trường Đại học Đà Lạt |
---|
id |
oai:scholar.dlu.edu.vn:DLU123456789-1354 |
---|---|
record_format |
dspace |
institution |
Thư viện Trường Đại học Đà Lạt |
collection |
Thư viện số |
language |
English |
description |
Assessing and Managing Security Risk in IT Systems: A Structured Methodology builds upon the original McCumber Cube model to offer proven processes that do not change, even as technology evolves. This book enables you to assess the security attributes of any information system and implement vastly improved security environments.
Part I delivers an overview of information systems security, providing historical perspectives and explaining how to determine the value of information. This section offers the basic underpinnings of information security and concludes with an overview of the risk management process.
Part II describes the McCumber Cube, providing the original paper from 1991 and detailing ways to accurately map information flow in computer and telecom systems. It also explains how to apply the methodology to individual system components and subsystems.
Part III serves as a resource for analysts and security practitioners who want access to more detailed information on technical vulnerabilities and risk assessment analytics. McCumber details how information extracted from this resource can be applied to his assessment processes. |
format |
Book |
author |
McCumber, John |
spellingShingle |
McCumber, John Assessing and Managing Security Risk in IT Systems: A Structured Methodology |
author_facet |
McCumber, John |
author_sort |
McCumber, John |
title |
Assessing and Managing Security Risk in IT Systems: A Structured Methodology |
title_short |
Assessing and Managing Security Risk in IT Systems: A Structured Methodology |
title_full |
Assessing and Managing Security Risk in IT Systems: A Structured Methodology |
title_fullStr |
Assessing and Managing Security Risk in IT Systems: A Structured Methodology |
title_full_unstemmed |
Assessing and Managing Security Risk in IT Systems: A Structured Methodology |
title_sort |
assessing and managing security risk in it systems: a structured methodology |
publisher |
CRC Press |
publishDate |
2009 |
url |
http://scholar.dlu.edu.vn/thuvienso/handle/DLU123456789/1354 |
_version_ |
1757657274140065792 |
spelling |
oai:scholar.dlu.edu.vn:DLU123456789-13542009-11-27T09:20:13Z Assessing and Managing Security Risk in IT Systems: A Structured Methodology McCumber, John Assessing and Managing Security Risk in IT Systems: A Structured Methodology builds upon the original McCumber Cube model to offer proven processes that do not change, even as technology evolves. This book enables you to assess the security attributes of any information system and implement vastly improved security environments. Part I delivers an overview of information systems security, providing historical perspectives and explaining how to determine the value of information. This section offers the basic underpinnings of information security and concludes with an overview of the risk management process. Part II describes the McCumber Cube, providing the original paper from 1991 and detailing ways to accurately map information flow in computer and telecom systems. It also explains how to apply the methodology to individual system components and subsystems. Part III serves as a resource for analysts and security practitioners who want access to more detailed information on technical vulnerabilities and risk assessment analytics. McCumber details how information extracted from this resource can be applied to his assessment processes. SECURITY CONCEPTS Using Models * Introduction: Understanding, Selecting, and Applying Models * Understanding Assets * Layered Security * Using Models in Security * Security Models for Information Systems * Shortcomings of Models in Security * Security in Context * Reference Defining Information Security * Confidentiality, Integrity, and Availability * Information Attributes * Intrinsic versus Imputed Value * Information as an Asset * The Elements of Security * Security Is Security Only in Context Information as an Asset * Introduction * Determining Value * Managing Information Resources * References Understanding Threat and Its Relation to Vulnerabilities * Introduction * Threat Defined * Analyzing Threat * Assessing Physical Threats * Infrastructure Threat Issues Assessing Risk Variables: The Risk Assessment Process * Introduction * Learning to Ask the Right Questions about Risk * The Basic Elements of Risk in IT Systems * Information as an Asset * Defining Threat for Risk Management * Defining Vulnerabilities for Risk Management * Defining Safeguards for Risk Management * The Risk Assessment Process THE McCUMBER CUBE METHODOLOGY The McCumber Cube * Introduction * The Nature of Information * Critical Information Characteristics * Confidentiality * Integrity * Availability * Security Measures * Technology * Policy and Practice * Education, Training, and Awareness (Human Factors) * The Model * References Determining Information States and Mapping * Information Flow * Introduction * Information States: A Brief Historical Perspective * Automated Processing: Why Cryptography Is Not Sufficient * Simple State Analysis * Information States in Heterogeneous Systems * Boundary Definition * Decomposition of Information States * Developing an Information State Map * Reference Decomposing the Cube for Security Enforcement * Introduction * A Word about Security Policy * Definitions * The McCumber Cube Methodology * The Transmission State * The Storage State * The Processing State * Recap of the Methodology Information State Analysis for Components and Subsystems * Introduction * Shortcomings of Criteria Standards for Security Assessments * Applying the McCumber Cube Methodology for Product * Assessments * Steps for Product and Component Assessment * Information Flow Mapping * Cube Decomposition Based on Information States * Develop Security Architecture * Recap of the Methodology for Subsystems, Products, and * Components * References Managing the Security Life Cycle * Introduction Safeguard Analysis * Introduction * Technology Safeguards * Procedural Safeguards * Human Factors Safeguards * Assessing and Managing Security Risk in IT Systems * Vulnerability-Safeguard Pairing * Hierarchical Dependencies of Safeguards * Security Policies and Procedural Safeguards * Developing Comprehensive Safeguards: The Lessons of the Shogun * Identifying and Applying Appropriate Safeguards * Comprehensive Safeguard Management: Applying the * McCumber Cube * The ROI of Safeguards: Do Security Safeguards Have a Payoff? Practical Applications of McCumber Cube Analysis * Introduction * Applying the Model to Global and National Security Issues * Programming and Software Development * Using the McCumber Cube in an Organizational Information * Security Program * Using the McCumber Cube for Product or Subsystem Assessment * Using the McCumber Cube for Safeguard Planning and Deployment * Tips and Techniques for Building Your Security Program * Establishing the Security Program: Defining You * Avoiding the Security Cop Label * Obtaining Corporate Approval and Support * Creating Pearl Harbor Files * Defining Your Security Policy * Defining What versus How * Security Policy: Development and Implementation * Reference SECTION III APPENDICES Appendix A Vulnerabilities Appendix B Risk Assessment Metrics Appendix C Diagrams and Tables Appendix D Other Resources 2009-11-27T09:20:13Z 2009-11-27T09:20:13Z 2004 Book http://scholar.dlu.edu.vn/thuvienso/handle/DLU123456789/1354 en application/octet-stream CRC Press |