Assessing and Managing Security Risk in It Systems A Structured Methodology

ISBN-10: 0849322324
ISBN-13: 9780849322327
Edition: 2004
Authors: Laurie Kelly
List price: $79.95 Buy it from $30.95
eBook available
This item qualifies for FREE shipping

*A minimum purchase of $35 is required. Shipping is provided via FedEx SmartPost® and FedEx Express Saver®. Average delivery time is 1 – 5 business days, but is not guaranteed in that timeframe. Also allow 1 - 2 days for processing. Free shipping is eligible only in the continental United States and excludes Hawaii, Alaska and Puerto Rico. FedEx service marks used by permission."Marketplace" orders are not eligible for free or discounted shipping.

30 day, 100% satisfaction guarantee

If an item you ordered from TextbookRush does not meet your expectations due to an error on our part, simply fill out a return request and then return it by mail within 30 days of ordering it for a full refund of item cost.

Learn more about our returns policy

Description: This book begins with an overview of information systems security, offering the basic underpinnings of information security and concluding with an analysis of risk management. Part II describes the McCumber Cube, providing the original paper from  More...

New Starting from $87.20
eBooks Starting from $31.98
Rent
Buy
what's this?
Rush Rewards U
Members Receive:
coins
coins
You have reached 400 XP and carrot coins. That is the daily max!
You could win $10,000

Get an entry for every item you buy, rent, or sell.

Study Briefs

Limited time offer: Get the first one free! (?)

All the information you need in one place! Each Study Brief is a summary of one specific subject; facts, figures, and explanations to help you learn faster.

Add to cart
Study Briefs
Periodic Table Online content $4.95 $1.99
Add to cart
Study Briefs
Medical Terminology Online content $4.95 $1.99
Add to cart
Study Briefs
SQL Online content $4.95 $1.99

Customers also bought

Loading
Loading
Loading
Loading
Loading
Loading
Loading
Loading
Loading
Loading

Book details

List price: $79.95
Copyright year: 2004
Publisher: Auerbach Publishers, Incorporated
Publication date: 8/12/2004
Binding: Hardcover
Pages: 288
Size: 6.00" wide x 9.25" long x 0.75" tall
Weight: 1.408
Language: English

This book begins with an overview of information systems security, offering the basic underpinnings of information security and concluding with an analysis of risk management. Part II describes the McCumber Cube, providing the original paper from 1991 and detailing ways to accurately map information flow in computer and telecom systems. It also explains how to apply the methodology to individual system components and subsystems. Part III serves as a resource for analysts and security practitioners who want access to more detailed information on technical vulnerabilities and risk assessment analytics. McCumber details how information extracted from this resource can be applied to his assessment processes.

Security Concepts
Using Models
Introduction: Understanding, Selecting, and Applying Models
Understanding Assets
Layered Security
Using Models in Security
Security Models for Information Systems
Shortcomings of Models in Security
Security in Context
Reference
Defining Information Security
Confidentiality, Integrity, and Availability
Information Attributes
Intrinsic versus Imputed Value
Information as an Asset
The Elements of Security
Confidentiality
Integrity
Availability
Security Is Security Only in Context
Information as an Asset
Introduction
Determining Value
Managing Information Resources
References
Understanding Threat and Its Relation to Vulnerabilities
Introduction
Threat Defined
Analyzing Threat
Assessing Physical Threats
Infrastructure Threat Issues
Assessing Risk Variables: The Risk Assessment Process
Introduction
Learning to Ask the Right Questions about Risk
The Basic Elements of Risk in IT Systems
Information as an Asset
Defining Threat for Risk Management
Defining Vulnerabilities for Risk Management
Defining Safeguards for Risk Management
The Risk Assessment Process
The McCumber Cube Methodology
The McCumber Cube
Introduction
The Nature of Information
Critical Information Characteristics
Confidentiality
Integrity
Availability
Security Measures
Technology
Policy and Practice
Education, Training, and Awareness (Human Factors)
The Model
Overview
Use of the Model
References
Determining Information States and Mapping Information Flow
Introduction
Information States: A Brief Historical Perspective
Automated Processing: Why Cryptography Is Not Sufficient
Simple State Analysis
Information States in Heterogeneous Systems
Boundary Definition
Decomposition of Information States
Defining the Boundary
Make an Inventory of All IT Resources
Decompose and Identify Information States
Developing an Information State Map
Reference
Decomposing the Cube for Security Enforcement
Introduction
A Word about Security Policy
Definitions
The McCumber Cube Methodology
The Transmission State
Transmission: Confidentiality
Transmission: Integrity
Transmission: Availability
The Storage State
Storage: Confidentiality
Storage: Integrity
Storage: Availability
The Processing State
Processing: Confidentiality
Processing: Integrity
Processing: Availability
Recap of the Methodology
Information State Analysis for Components and Subsystems
Introduction
Shortcomings of Criteria Standards for Security Assessments
Applying the McCumber Cube Methodology for Product Assessments
Steps for Product and Component Assessment
Information Flow Mapping
Define the Boundary
Take an Inventory of Information Resources and Components
Decompose and Identify All Information States
Cube Decomposition Based on Information States
Call Out the Information State Column
Decompose Blocks by Attribute
Identify Existing and Potential Vulnerabilites
Develop Security Architecture
Describe Required Safeguards
Cost Out Architecture Components and Enforcement Mechanisms
Recap of the Methodology for Subsystems, Products, and Components
References
Managing the Security Life Cycle
Introduction
Safeguard Analysis
Introduction
Technology Safeguards
Procedural Safeguards
Human Factors Safeguards
Vulnerability-Safeguard Pairing
Hierarchical Dependencies of Safeguards
Security Policies and Procedural Safeguards
Developing Comprehensive Safeguards: The Lessons of the Shogun
Identifying and Applying Appropriate Safeguards
Comprehensive Safeguard Management: Applying the McCumber Cube
The ROI of Safeguards: Do Security Safeguards Have a Payoff?
Practical Applications of McCumber Cube Analysis
Introduction
Applying the Model to Global and National Security Issues
Programming and Software Development
Using the McCumber Cube in an Organizational Information Security Program
Using the McCumber Cube for Product or Subsystem Assessment
Using the McCumber Cube for Safeguard Planning and Deployment
Tips and Techniques for Building Your Security Program
Establishing the Security Program: Defining You
Avoiding the Security Cop Label
Obtaining Corporate Approval and Support
Creating Pearl Harbor Files
Defining Your Security Policy
Defining What versus How
Security Policy: Development and Implementation
Reference
Appendices
Vulnerabilities
Risk Assessment Metrics
Diagrams and Tables
Other Resources
Index

×
Free shipping on orders over $35*

*A minimum purchase of $35 is required. Shipping is provided via FedEx SmartPost® and FedEx Express Saver®. Average delivery time is 1 – 5 business days, but is not guaranteed in that timeframe. Also allow 1 - 2 days for processing. Free shipping is eligible only in the continental United States and excludes Hawaii, Alaska and Puerto Rico. FedEx service marks used by permission."Marketplace" orders are not eligible for free or discounted shipping.

Learn more about the TextbookRush Marketplace.

×