Assessing and Managing Security Risk in It Systems A Structured Methodology

ISBN-10: 0849322324

ISBN-13: 9780849322327

Edition: 2004

Authors: Laurie Kelly

List price: $79.95 Buy it from $14.22 Rent it from $36.34
eBook available
30 day, 100% satisfaction guarantee

If an item you ordered from TextbookRush does not meet your expectations due to an error on our part, simply fill out a return request and then return it by mail within 30 days of ordering it for a full refund of item cost.

Learn more about our returns policy


This book begins with an overview of information systems security, offering the basic underpinnings of information security and concluding with an analysis of risk management. Part II describes the McCumber Cube, providing the original paper from 1991 and detailing ways to accurately map information flow in computer and telecom systems. It also explains how to apply the methodology to individual system components and subsystems. Part III serves as a resource for analysts and security practitioners who want access to more detailed information on technical vulnerabilities and risk assessment analytics. McCumber details how information extracted from this resource can be applied to his assessment processes.
Used Starting from $14.22
Rent Starting from $36.34
eBooks Starting from $31.98
Rent eBooks
Buy eBooks
what's this?
Rush Rewards U
Members Receive:
You have reached 400 XP and carrot coins. That is the daily max!
Study Briefs

Limited time offer: Get the first one free! (?)

All the information you need in one place! Each Study Brief is a summary of one specific subject; facts, figures, and explanations to help you learn faster.

Customers also bought

Book details

List price: $79.95
Copyright year: 2004
Publisher: Auerbach Publishers, Incorporated
Publication date: 8/12/2004
Binding: Hardcover
Pages: 288
Size: 6.00" wide x 9.25" long x 0.75" tall
Weight: 1.408
Language: English

Security Concepts
Using Models
Introduction: Understanding, Selecting, and Applying Models
Understanding Assets
Layered Security
Using Models in Security
Security Models for Information Systems
Shortcomings of Models in Security
Security in Context
Defining Information Security
Confidentiality, Integrity, and Availability
Information Attributes
Intrinsic versus Imputed Value
Information as an Asset
The Elements of Security
Security Is Security Only in Context
Information as an Asset
Determining Value
Managing Information Resources
Understanding Threat and Its Relation to Vulnerabilities
Threat Defined
Analyzing Threat
Assessing Physical Threats
Infrastructure Threat Issues
Assessing Risk Variables: The Risk Assessment Process
Learning to Ask the Right Questions about Risk
The Basic Elements of Risk in IT Systems
Information as an Asset
Defining Threat for Risk Management
Defining Vulnerabilities for Risk Management
Defining Safeguards for Risk Management
The Risk Assessment Process
The McCumber Cube Methodology
The McCumber Cube
The Nature of Information
Critical Information Characteristics
Security Measures
Policy and Practice
Education, Training, and Awareness (Human Factors)
The Model
Use of the Model
Determining Information States and Mapping Information Flow
Information States: A Brief Historical Perspective
Automated Processing: Why Cryptography Is Not Sufficient
Simple State Analysis
Information States in Heterogeneous Systems
Boundary Definition
Decomposition of Information States
Defining the Boundary
Make an Inventory of All IT Resources
Decompose and Identify Information States
Developing an Information State Map
Decomposing the Cube for Security Enforcement
A Word about Security Policy
The McCumber Cube Methodology
The Transmission State
Transmission: Confidentiality
Transmission: Integrity
Transmission: Availability
The Storage State
Storage: Confidentiality
Storage: Integrity
Storage: Availability
The Processing State
Processing: Confidentiality
Processing: Integrity
Processing: Availability
Recap of the Methodology
Information State Analysis for Components and Subsystems
Shortcomings of Criteria Standards for Security Assessments
Applying the McCumber Cube Methodology for Product Assessments
Steps for Product and Component Assessment
Information Flow Mapping
Define the Boundary
Take an Inventory of Information Resources and Components
Decompose and Identify All Information States
Cube Decomposition Based on Information States
Call Out the Information State Column
Decompose Blocks by Attribute
Identify Existing and Potential Vulnerabilites
Develop Security Architecture
Describe Required Safeguards
Cost Out Architecture Components and Enforcement Mechanisms
Recap of the Methodology for Subsystems, Products, and Components
Managing the Security Life Cycle
Safeguard Analysis
Technology Safeguards
Procedural Safeguards
Human Factors Safeguards
Vulnerability-Safeguard Pairing
Hierarchical Dependencies of Safeguards
Security Policies and Procedural Safeguards
Developing Comprehensive Safeguards: The Lessons of the Shogun
Identifying and Applying Appropriate Safeguards
Comprehensive Safeguard Management: Applying the McCumber Cube
The ROI of Safeguards: Do Security Safeguards Have a Payoff?
Practical Applications of McCumber Cube Analysis
Applying the Model to Global and National Security Issues
Programming and Software Development
Using the McCumber Cube in an Organizational Information Security Program
Using the McCumber Cube for Product or Subsystem Assessment
Using the McCumber Cube for Safeguard Planning and Deployment
Tips and Techniques for Building Your Security Program
Establishing the Security Program: Defining You
Avoiding the Security Cop Label
Obtaining Corporate Approval and Support
Creating Pearl Harbor Files
Defining Your Security Policy
Defining What versus How
Security Policy: Development and Implementation
Risk Assessment Metrics
Diagrams and Tables
Other Resources
Free shipping on orders over $35*

*A minimum purchase of $35 is required. Shipping is provided via FedEx SmartPost® and FedEx Express Saver®. Average delivery time is 1 – 5 business days, but is not guaranteed in that timeframe. Also allow 1 - 2 days for processing. Free shipping is eligible only in the continental United States and excludes Hawaii, Alaska and Puerto Rico. FedEx service marks used by permission."Marketplace" orders are not eligible for free or discounted shipping.

Learn more about the TextbookRush Marketplace.