3: INFORMATION AS AN ASSET

INTRODUCTION

The art and science of security requires a complete understanding of the value of the assets requiring protection. The asset under scrutiny is primarily the information transmitted, stored, and processed by the organization. Secondarily, the computer and telecommunications resources themselves require protection; a significant component of that can and will be addressed by applying of the McCumber Cube approach.

One of the simplest ways to understand what an organization values and how it then labels its information resources is to look at an example used for decades, the U.S. military. In government parlance, information value is defined by broad categories such as unclassified, sensitive, secret, and ...

Get Assessing and Managing Security Risk in IT Systems now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Assessing and Managing Security Risk in IT Systems by John McCumber

3: INFORMATION AS AN ASSET

INTRODUCTION

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly