8: DECOMPOSING THE CUBE FOR SECURITY ENFORCEMENT

INTRODUCTION

The McCumber Cube methodology is a structured process that examines security in the context of information states. This construct is central to the approach. Information is the asset, so security requirements that are defined as simply responses to threat-vulnerability pairs are not sufficient for the assessment and implementation of information security requirements. Vulnerabilities are technical security-relevant issues or exposures (see Chapter 4) that may or may not be problems with the technology system or component. Obviously, because vulnerabilities by definition are technical in nature, they will change with the technology. Some will be noted as programming errors or unnecessary ...

Get Assessing and Managing Security Risk in IT Systems now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Assessing and Managing Security Risk in IT Systems by John McCumber

8: DECOMPOSING THE CUBE FOR SECURITY ENFORCEMENT

INTRODUCTION

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly