Asset–Security Goals Continuum: A Process for Security

Margarita Maria Lenk, Colorado State University

Introduction

Building Your Security Team

Asset–Security Continuum

Identifying and Classifying Assets

Identifying Risks, Threats, and Probable Losses

Calculating the Maximum Cost of Controls

Types of Security Controls

Security Goals

Conclusion

Glossary

Cross References

References

Further Reading

INTRODUCTION

This chapter models a process for a security team to utilize in designing, implementing, and maintaining Internet-related distributed systems security. The position taken by this chapter is that security is best framed as a complex, continuous process rather than as a one-time solution, product, or state. Security failures may occur from a variety of sources such as unauthorized access, unauthorized activities, restricted resources, changing technologies, human errors (fatigue, illness, lack of training or supervision, etc.), a lack of qualified IT staff, and poor communication between the IT staff and top management (Allen, 2001; Garfinkel & Spafford, 2001; IOMA, 2000; SANS, 2002; Stein, 1999). Security affects many different stakeholders, each of whom has unique priorities for, and valuations of, the assets that they desire to be secured. Finally, the effectiveness of security for a distributed system is often determined by the weakest link or piece in the system, rather than by the sum of the system's strengths. The task for security teams, then, involves not only designing an efficient ...

From Handbook of Information Security: Threats, Vulnerabilities, Prevention, Detection, and Management, Volume 3.