product iamge

Assessing and Managing Security Risk in IT Systems: A Structured Methodology

This document was uploaded by one of our users. The uploader already confirmed that they had the permission to publish it. If you are author/publisher or own the copyright of this documents, please report to us by using this DMCA report form.

Download
Search on Amazon

Simply click on the Download Book button.

Yes, Book downloads on Ebookily are 100% Free.

Sometimes the book is free on Amazon As well, so go ahead and hit "Search on Amazon"

The book essentially describes the McCumber Cube information security methodology. And the McCumber Cube methodology is indeed interesting and worth the read. Unfortunately, the author wrote around it a whole book! In the first part the author describes the bases on the information security and relates it to the McCumber Cube (without really describing what the Cube is! Luckily, the hardcover has a picture of it.) In the second part he dwelves in a little more detail of the McCumber Cube methodology, repeating again and again the same concepts, just with slight viewpoint variations. Obviously his methodology is described as superior to any other methodology! While he makes a few good points, often he just states this without really comparing it to the other technologies. Worth the read if you have time to spare... it indeed has a few interesting ideas and viewpoints. If only they were expressed in a tenth of the space!

Author(s): John McCumber
Edition: 1
Publisher: Auerbach Publications
Year: 2004

Language: English
Pages: 290

Front cover......Page 1
CONTENTS......Page 8
FOREWORD......Page 12
INTRODUCTION......Page 16
SECTION I: SECURITY CONCEPTS......Page 28
CHAPTER 1. USING MODELS......Page 30
CHAPTER 2. DEFINING INFORMATION SECURITY......Page 50
CHAPTER 3. INFORMATION AS AN ASSET......Page 68
CHAPTER 4. UNDERSTANDING THREAT AND ITS RELATION TO VULNERABILITIES......Page 84
CHAPTER 5. ASSESSING RISK VARIABLES: THE RISK ASSESSMENT PROCESS......Page 98
PART II: THE McCUMBER CUBE METHODOLOGY......Page 124
CHAPTER 6. THE McCUMBER CUBE......Page 126
CHAPTER 7. DETERMINING INFORMATION STATES AND MAPPING INFORMATION FLOW......Page 138
CHAPTER 8. DECOMPOSING THE CUBE FOR SECURITY ENFORCEMENT......Page 158
CHAPTER 9. INFORMATION STATE ANALYSIS FOR COMPONENTS AND SUBSYSTEMS......Page 180
CHAPTER 10. MANAGING THE SECURITY LIFE CYCLE......Page 192
CHAPTER 11. SAFEGUARD ANALYSIS......Page 204
CHAPTER 12. PRACTICAL APPLICATIONS OF McCUMBER CUBE ANALYSIS......Page 224
SECTION III: APPENDICES......Page 248
Appendix A: VULNERABILITIES......Page 250
Appendix B: RISK ASSESSMENT METRICS......Page 262
Appendix C: DIAGRAMS AND TABLES......Page 272
Appendix D: OTHER RESOURCES......Page 278
INDEX......Page 282
Back cover......Page 290