11: SAFEGUARD ANALYSIS

INTRODUCTION

In the McCumber Cube, safeguards are categorized into three primary groups—technical, procedural, or human factors. Sometimes these safeguard categories are glibly defined as the Three Ps—products, procedures, and people.

Safeguards are most commonly defined as a concept synonymous with security controls and countermeasures. Technically, security controls are defined as the management, operational, and technical controls (safeguards or countermeasures) prescribed for an information system that, taken together, satisfy the specified security requirements and adequately protect the confidentiality, integrity, and availability of the system and its information. The problem with this definition is simply that ...

Get Assessing and Managing Security Risk in IT Systems now with the O’Reilly learning platform.