Assessing and managing security risk in IT systems : a structured methodology. (2005)
- Record Type:
- Book
- Title:
- Assessing and managing security risk in IT systems : a structured methodology. (2005)
- Main Title:
- Assessing and managing security risk in IT systems : a structured methodology
- Further Information:
- Note: John McCumber.
- Other Names:
- McCumber, John, 1956-
- Contents:
- SECURITY CONCEPTS; Using Models; Introduction: Understanding, Selecting, and Applying Models; Understanding Assets; Layered Security; Using Models in Security; Security Models for Information Systems; Shortcomings of Models in Security; Security in Context; Reference; Defining Information Security; Confidentiality, Integrity, and Availability; Information Attributes; Intrinsic versus Imputed Value; Information as an Asset; The Elements of Security; Security Is Security Only in Context; Information as an Asset; Introduction; Determining Value; Managing Information Resources; References; Understanding Threat and Its Relation to Vulnerabilities; Introduction; Threat Defined; Analyzing Threat; Assessing Physical Threats; Infrastructure Threat Issues; Assessing Risk Variables: The Risk Assessment Process; Introduction; Learning to Ask the Right Questions about Risk; The Basic Elements of Risk in IT Systems; Information as an Asset; Defining Threat for Risk Management; Defining Vulnerabilities for Risk Management; Defining Safeguards for Risk Management; The Risk Assessment Process; THE McCUMBER CUBE METHODOLOGY; The McCumber Cube; Introduction; The Nature of Information; Critical Information Characteristics; Confidentiality; Integrity; Availability; Security Measures; Technology; Policy and Practice; Education, Training, and Awareness (Human Factors); The Model; References; Determining Information States and Mapping; Information Flow; Introduction; Information States: A Brief Historical Perspective; Automated Processing: Why Cryptography Is Not Sufficient; Simple State Analysis; Information States in Heterogeneous Systems; Boundary Definition; Decomposition of Information States; Developing an Information State Map; Reference; Decomposing the Cube for Security Enforcement; Introduction; A Word about Security Policy; Definitions; The McCumber Cube Methodology; The Transmission State; The Storage State; The Processing State ...
- Publisher Details:
- Boca Raton, Fla : Auerbach Publications
- Publication Date:
- 2005
- Extent:
- 1 online resource, illustrations
- Subjects:
- 005.8
Computer security
Data protection
Risk assessment
COMPUTERS -- Internet -- Security
COMPUTERS -- Networking -- Security
COMPUTERS -- Security -- General
Electronic books
- Languages:
- English
- ISBNs:
- 0203490428
9780203490426
9781135488970
1135488975
- Related ISBNs:
- 0849322324
9780849322327
9780203490426
- Notes:
- Note: Includes bibliographical references and index.
- Access Rights:
- Legal Deposit; Only available on premises controlled by the deposit library and to one user at any one time; The Legal Deposit Libraries (Non-Print Works) Regulations (UK).
- Access Usage:
- Restricted: Printing from this resource is governed by The Legal Deposit Libraries (Non-Print Works) Regulations (UK) and UK copyright law currently in force.
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library HMNTS - ELD.DS.163678
- Ingest File:
- 01_044.xml