Building A Global Information Assurance Program

Building A Global Information Assurance Program

by Raymond J Curts, Douglas E. Campbell
Released July 2017
Publisher(s): Auerbach Publications
ISBN: 9781135511159

Read it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Book description

Governments, their agencies, and businesses are perpetually battling to protect valuable, classified, proprietary, or sensitive information but often find that the restrictions imposed upon them by information security policies and procedures have significant, negative impacts on their ability to function. These government and business entities are beginning to realize the value of information assurance (IA) as a tool to ensure that the right information gets to the right people, at the right time, with a reasonable expectation that it is timely, accurate, authentic, and uncompromised. Intended for those interested in the construction and operation of an IA or Information Security (InfoSec) program, Building a Global Information Assurance Program describes the key building blocks of an IA development effort including: Information Attributes, System Attributes, Infrastructure or Architecture, Interoperability, IA Tools, Cognitive Hierarchies, Decision Cycles, Organizational Considerations, Operational Concepts. Because of their extensive and diverse backgrounds, the authors bring a unique perspective to current IT issues. The text presents their proprietary process based on the systems development life cycle (SDLC) methodology specifically tailored for an IA program. This process is a structured, cradle-to-grave approach to IA program development, from program planning and design to implementation, support, and phase out. Building a Global Information Assurance Program provides a proven series of steps and tasks that you can follow to build quality IA programs faster, at lower costs, and with less risk.

Table of contents

  1. Cover Page
  2. Title Page
  3. Copyright Page
  4. Acknowledgments
  5. Introduction
  6. Chapter 1: Introduction to Information Assurance
    1. Availability
    2. Integrity
    3. Authentication
    4. Confidentiality
    5. Nonrepudiation
    6. Summary
  7. Chapter 2: Basic Concepts
    1. Attributes
    2. Information Attributes
    3. Pure Information Attributes
    4. Attributes Partially Influenced by the System
    5. Attributes Directly Influenced by the System
    6. System Attributes
    7. The Bottom Line, Revisited
    8. Information Assurance
    9. Commercial Capabilities
    10. Security
    11. Network Views
    12. Risk Management
    13. Information Concepts
    14. Reasoning
    15. Types of Logic
    16. Summary
  8. Chapter 3: Risk, Threat, and Vulnerability Assessments
    1. Why Perform an Assessment?
    2. The New Reality of Risk Management
    3. Risk Management Policy for Tomorrow
    4. Information Systems Risk Management
    5. Risk Assessment
  9. Chapter 4: Overview of Systems Engineering
    1. A Systems Engineering Case Study
    2. Case Study Background
    3. The Mission
    4. The Goal
    5. An Approach Toward a Solution
    6. CASE Tools: A Means of Managing Architectural Information
    7. The Current Process
    8. Maritime Strategy
    9. The Threat
    10. Top-Level Warfare Requirements
    11. Architecture: A System Description
    12. Assessment: How Well Does it Fulfill Requirements?
    13. Shortfalls and Overlaps: Identifying Strengths and Weaknesses
    14. Architectural Options: Making the Right Choices
    15. The Proposed Process
    16. Architecture Development
    17. Architectural Principles
    18. Functional Analysis
    19. Operational Functions
    20. System Functions
    21. Requirements Allocation
    22. Assessment of the Current Architecture
    23. Identification of Shortfalls and Overlaps
    24. Development of Architectural Options
    25. Assessment of Options
    26. Proposed New (Notional) Architecture
    27. System Synthesis
    28. The Need for Maintaining Up-To-Date Documentation
    29. Summary
  10. Chapter 5: Information Assurance Task Force
    1. Requirements Analysis
    2. Functional Analysis
    3. Evaluation and Decision
    4. System Synthesis
    5. Documentation
    6. Concluding Remarks
  11. Chapter 6: Requirements
    1. Beginnings
    2. The Object-Oriented Paradigm
    3. Summary
  12. Chapter 7: Design
    1. Conceptual Architecture Design Principles
    2. Operational Design Considerations
    3. Business Continuity Design Considerations
    4. Concluding Remarks
  13. Chapter 8: Implementation and Testing
    1. IATP Defined
    2. Requirement for an IATP
    3. Management’s Role
    4. Disruption of Service Caused by IATP Implementation
    5. IATP Development
    6. Critical Elements of the IATP
    7. Preliminary Planning: Test Requirements
    8. Test Team
    9. Preparatory Actions: Test Methodology
    10. Concluding Remarks
  14. Chapter 9: Information Assurance Life-Cycle Support and Operational Considerations
    1. The Information Assurance Life-Cycle Methodology
    2. Concluding Remarks: The Information Assurance Life-Cycle Methodology
    3. Operational Considerations
    4. The OODA Loop
  15. Chapter 10: The Information Assurance Center
    1. Introduction
    2. Overview of the Naval Aviation Safety Program
    3. Findings
    4. Recommendations
    5. The National Defense Industrial Association IAC Concept: A Closing Note
  16. Chapter 11: Automated Tools
    1. Internal Vulnerability Scanning/Auditing Tools
    2. Patches and Replacements
    3. Password Enhancing Tools/Authentication and System Security Tools
    4. Password Breaking Tools
    5. Access Control Tools
    6. Logging Tools
    7. Logging Utilities
    8. Intrusion Detection Tools/Network Monitoring Tools
    9. System Status Reporting Tools
    10. Mail Security Tools
    11. Packet Filtering Tools
    12. Firewall Tools
    13. Real-Time Attack Response Tools
    14. Encryption Tools
    15. Host Configuration Tools
    16. Antivirus Tools
    17. Cryptographic Checksum Tools
    18. Miscellaneous Tools
    19. Visualization Tools
    20. I’m Going to Break in and Compromise your Information
    21. A Sampling of Software Tools that Attackers Use
    22. Summary
  17. Chapter 12: Summary
    1. Conclusions and Recommendations
    2. Future Work
  18. Appendix A: Acronyms
  19. Appendix B: Glossary
  20. Appendix C: Links
    1. Best Practices
    2. C&A
    3. CERT/CIRT
    4. Decision Making
    5. Definitions
    6. Education/Training
    7. Infrastructure
    8. Interoperability
    9. Law
    10. Links
    11. Organizations
    12. Publications
    13. Red Teams
    14. Research
    15. Standards
    16. Tools
    17. Viruses
    18. Vulnerabilities
  21. Appendix D: References
  22. About The Authors

Product information

  • Title: Building A Global Information Assurance Program
  • Author(s): Raymond J Curts, Douglas E. Campbell
  • Release date: July 2017
  • Publisher(s): Auerbach Publications
  • ISBN: 9781135511159