Book description
This book begins with an overview of information systems security, offering the basic underpinnings of information security and concluding with an analysis of risk management. McCumber details how information extracted from this resource can be applied to his assessment processes.
Table of contents
- COVER PAGE
- OTHER INFORMATION SECURITY BOOKS FROM AUERBACH
- TITLE PAGE
- COPYRIGHT PAGE
- DEDICATION
- INTRODUCTION
- I SECURITY CONCEPTS
-
II THE MCCUMBER CUBE METHODOLOGY
- 6: THE MCCUMBER CUBE
- 7: DETERMINING INFORMATION STATES AND MAPPING INFORMATION FLOW
- 8: DECOMPOSING THE CUBE FOR SECURITY ENFORCEMENT
-
9: INFORMATION STATE ANALYSIS FOR COMPONENTS AND SUBSYSTEMS
- INTRODUCTION
- SHORTCOMINGS OF CRITERIA STANDARDS FOR SECURITY ASSESSMENTS
- APPLYING THE MCCUMBER CUBE METHODOLOGY FOR PRODUCT ASSESSMENTS
- STEPS FOR PRODUCT AND COMPONENT ASSESSMENT
- INFORMATION FLOW MAPPING
- CUBE DECOMPOSITION BASED ON INFORMATION STATES
- DEVELOP SECURITY ARCHITECTURE
- RECAP OF THE METHODOLOGY FOR SUBSYSTEMS, PRODUCTS, AND COMPONENTS
- REFERENCES
- 10: MANAGING THE SECURITY LIFE CYCLE
-
11: SAFEGUARD ANALYSIS
- INTRODUCTION
- TECHNOLOGY SAFEGUARDS
- PROCEDURAL SAFEGUARDS
- HUMAN FACTORS SAFEGUARDS
- VULNERABILITY-SAFEGUARD PAIRING
- HIERARCHICAL DEPENDENCIES OF SAFEGUARDS
- SECURITY POLICIES AND PROCEDURAL SAFEGUARDS
- DEVELOPING COMPREHENSIVE SAFEGUARDS: THE LESSONS OF THE SHOGUN
- IDENTIFYING AND APPLYING APPROPRIATE SAFEGUARDS
- COMPREHENSIVE SAFEGUARD MANAGEMENT: APPLYING THE MCCUMBER CUBE
- THE ROI OF SAFEGUARDS: DO SECURITY SAFEGUARDS HAVE A PAYOFF?
-
12: PRACTICAL APPLICATIONS OF MCCUMBER CUBE ANALYSIS
- INTRODUCTION
- APPLYING THE MODEL TO GLOBAL AND NATIONAL SECURITY ISSUES
- PROGRAMMING AND SOFTWARE DEVELOPMENT
- USING THE MCCUMBER CUBE IN AN ORGANIZATIONAL INFORMATION SECURITY PROGRAM
- USING THE MCCUMBER CUBE FOR PRODUCT OR SUBSYSTEM ASSESSMENT
- USING THE MCCUMBER CUBE FOR SAFEGUARD PLANNING AND DEPLOYMENT
- TIPS AND TECHNIQUES FOR BUILDING YOUR SECURITY PROGRAM
- ESTABLISHING THE SECURITY PROGRAM: DEFINING YOU
- AVOIDING THE SECURITY COP LABEL
- OBTAINING CORPORATE APPROVAL AND SUPPORT
- CREATING PEARL HARBOR FILES
- DEFINING YOUR SECURITY POLICY
- DEFINING WHAT VERSUS HOW
- SECURITY POLICY: DEVELOPMENT AND IMPLEMENTATION
- REFERENCE
-
III APPENDICES
-
APPENDIX A VULNERABILITIES
- INTRODUCTION
- THE PROBLEM: VULNERABILITY MEANS DIFFERENT THINGS
- THE APPROACH: INTRODUCING A NEW TERM—EXPOSURE
- DISTINGUISHING BETWEEN VULNERABILITIES AND EXPOSURES
- DEFINITION
- SHORT DESCRIPTION
- DEFINITIONS
- RATIONALE
- EXAMPLES
- WHAT IS A CVE CANDIDATE?
- THE TWO WAYS NEW SECURITY ISSUES BECOME CANDIDATES
- HOW LONG IT TAKES FOR CANDIDATES TO BECOME OFFICIAL CVE ENTRIES
- HOW CANDIDATES ARE AFFECTED BY CVE CDS
- THE CANDIDATE NUMBERING PROCESS
- FROM CANDIDATE TO CVE ENTRY
- TO LEARN MORE
- MITRE
- REFERENCE
- APPENDIX B RISK ASSESSMENT METRICS
- APPENDIX C DIAGRAMS AND TABLES
- APPENDIX D OTHER RESOURCES
-
APPENDIX A VULNERABILITIES
Product information
- Title: Assessing and Managing Security Risk in IT Systems
- Author(s):
- Release date: August 2004
- Publisher(s): Auerbach Publications
- ISBN: 9781135488963
You might also like
book
Security Risk Assessment
Security Risk Assessment is the most up-to-date and comprehensive resource available on how to conduct a …
book
The Complete Guide to Cybersecurity Risks and Controls
This book presents the fundamental concepts of information and communication technology (ICT) governance and control. Readers …
book
Rational Cybersecurity for Business: The Security Leaders' Guide to Business Alignment
Use the guidance in this comprehensive field guide to gain the support of your top executives …
book
Schneier on Security
Presenting invaluable advice from the world's most famous computer security expert, this intensely readable collection features …
