Book description
This book begins with an overview of information systems security, offering the basic underpinnings of information security and concluding with an analysis of risk management. Part II describes the McCumber Cube, providing the original paper from 1991 and detailing ways to accurately map information flow in computer and telecom systems. It also explains how to apply the methodology to individual system components and subsystems. Part III serves as a resource for analysts and security practitioners who want access to more detailed information on technical vulnerabilities and risk assessment analytics. McCumber details how information extracted from this resource can be applied to his assessment processes.
Table of contents
- COVER PAGE
- OTHER INFORMATION SECURITY BOOKS FROM AUERBACH
- TITLE PAGE
- COPYRIGHT PAGE
- DEDICATION
- INTRODUCTION
- I SECURITY CONCEPTS
- II THE MCCUMBER CUBE METHODOLOGY
- 6: THE MCCUMBER CUBE
- 7: DETERMINING INFORMATION STATES AND MAPPING INFORMATION FLOW
- 8: DECOMPOSING THE CUBE FOR SECURITY ENFORCEMENT
- 9: INFORMATION STATE ANALYSIS FOR COMPONENTS AND SUBSYSTEMS
- INTRODUCTION
- SHORTCOMINGS OF CRITERIA STANDARDS FOR SECURITY ASSESSMENTS
- APPLYING THE MCCUMBER CUBE METHODOLOGY FOR PRODUCT ASSESSMENTS
- STEPS FOR PRODUCT AND COMPONENT ASSESSMENT
- INFORMATION FLOW MAPPING
- CUBE DECOMPOSITION BASED ON INFORMATION STATES
- DEVELOP SECURITY ARCHITECTURE
- RECAP OF THE METHODOLOGY FOR SUBSYSTEMS, PRODUCTS, AND COMPONENTS
- REFERENCES
- 10: MANAGING THE SECURITY LIFE CYCLE
- 11: SAFEGUARD ANALYSIS
- INTRODUCTION
- TECHNOLOGY SAFEGUARDS
- PROCEDURAL SAFEGUARDS
- HUMAN FACTORS SAFEGUARDS
- VULNERABILITY-SAFEGUARD PAIRING
- HIERARCHICAL DEPENDENCIES OF SAFEGUARDS
- SECURITY POLICIES AND PROCEDURAL SAFEGUARDS
- DEVELOPING COMPREHENSIVE SAFEGUARDS: THE LESSONS OF THE SHOGUN
- IDENTIFYING AND APPLYING APPROPRIATE SAFEGUARDS
- COMPREHENSIVE SAFEGUARD MANAGEMENT: APPLYING THE MCCUMBER CUBE
- THE ROI OF SAFEGUARDS: DO SECURITY SAFEGUARDS HAVE A PAYOFF?
- 12: PRACTICAL APPLICATIONS OF MCCUMBER CUBE ANALYSIS
- INTRODUCTION
- APPLYING THE MODEL TO GLOBAL AND NATIONAL SECURITY ISSUES
- PROGRAMMING AND SOFTWARE DEVELOPMENT
- USING THE MCCUMBER CUBE IN AN ORGANIZATIONAL INFORMATION SECURITY PROGRAM
- USING THE MCCUMBER CUBE FOR PRODUCT OR SUBSYSTEM ASSESSMENT
- USING THE MCCUMBER CUBE FOR SAFEGUARD PLANNING AND DEPLOYMENT
- TIPS AND TECHNIQUES FOR BUILDING YOUR SECURITY PROGRAM
- ESTABLISHING THE SECURITY PROGRAM: DEFINING YOU
- AVOIDING THE SECURITY COP LABEL
- OBTAINING CORPORATE APPROVAL AND SUPPORT
- CREATING PEARL HARBOR FILES
- DEFINING YOUR SECURITY POLICY
- DEFINING WHAT VERSUS HOW
- SECURITY POLICY: DEVELOPMENT AND IMPLEMENTATION
- REFERENCE
- III APPENDICES
- APPENDIX A VULNERABILITIES
- INTRODUCTION
- THE PROBLEM: VULNERABILITY MEANS DIFFERENT THINGS
- THE APPROACH: INTRODUCING A NEW TERM—EXPOSURE
- DISTINGUISHING BETWEEN VULNERABILITIES AND EXPOSURES
- DEFINITION
- SHORT DESCRIPTION
- DEFINITIONS
- RATIONALE
- EXAMPLES
- WHAT IS A CVE CANDIDATE?
- THE TWO WAYS NEW SECURITY ISSUES BECOME CANDIDATES
- HOW LONG IT TAKES FOR CANDIDATES TO BECOME OFFICIAL CVE ENTRIES
- HOW CANDIDATES ARE AFFECTED BY CVE CDS
- THE CANDIDATE NUMBERING PROCESS
- FROM CANDIDATE TO CVE ENTRY
- TO LEARN MORE
- MITRE
- REFERENCE
- APPENDIX B RISK ASSESSMENT METRICS
- APPENDIX C DIAGRAMS AND TABLES
- APPENDIX D OTHER RESOURCES
Product information
- Title: Assessing and Managing Security Risk in IT Systems
- Author(s):
- Release date: August 2004
- Publisher(s): Auerbach Publications
- ISBN: 9781135488963