A Practical Guide to Security Engineering and Information Assurance / Edition 1
by Debra S. Herrmann
Overview
Today the vast majority of the world's information resides in, is derived from, and is exchanged among multiple automated systems. Critical decisions are made, and critical action is taken based on information from these systems. Therefore, the information must be accurate, correct, and timely, and be manipulated, stored, retrieved, and exchanged safely, reliably, and securely. In a time when information is considered the latest commodity, information security should be top priority.
A Practical Guide to Security Engineering and Information Assurance gives you an engineering approach to information security and information assurance (IA). The book examines the impact of accidental and malicious intentional action and inaction on information security and IA. Innovative long-term vendor, technology, and application-independent strategies show you how to protect your critical systems and data from accidental and intentional action and inaction that could lead to system failure or compromise.
The author presents step-by-step, in-depth processes for defining information security and assurance goals, performing vulnerability and threat analysis, implementing and verifying the effectiveness of threat control measures, and conducting accident and incident investigations. She explores real-world strategies applicable to all systems, from small systems supporting a home-based business to those of a multinational corporation, government agency, or critical infrastructure system.
The information revolution has brought its share of risks. Exploring the synergy between security, safety, and reliability engineering, A Practical Guide to Security Engineering and Information Assurance consolidates and organizes current thinking about information security/IA techniques, approaches, and best practices. As this book will show you, there is considerably more to information security/IA than firewalls, encryption, and virus protection.
Product Details
- ISBN-13: 9780849311635
- Publisher: Taylor & Francis
- Publication date: 10/28/2001
- Edition description: New Edition
- Pages: 408
- Product dimensions: 7.00(w) x 10.10(h) x 1.20(d)
Table of Contents
Introduction
Background
Purpose
Scope
Intended Audience
Organization
What is Information Assurance, How Does it Relate to Information Security, and Why Are Both Needed?
Definition
Application Domains
Technology Domains
Importance
Stakeholders
Summary
Discussion Problems
Historical Approaches to Information Security and Information Assurance
Physical Security
Communications Security (COMSEC)
Computer Security (COMPUSEC)
Information Security (INFOSEC)
Operations Security (OPSEC)
System Safety
System Reliability
Summary
Discussion Problems
Define the System Boundaries
Determine What is Being Protected and Why
Identify the System
Characterize System Operation
Ascertain What You Do/Do Not Have Control Over
Summary
Discussion Problems
Perform Vulnerability and Threat Analyses
Definitions
Select/Use IA Analysis Techniques
Identify Vulnerabilities, Their Type, Source, and Severity
Identify Threats, Their Type, Source, and Likelihood
Evaluate Transaction Paths, Critical Threat Zones, and Risk Exposure
Summary
Discussion Problems
Implement Threat Control Measures
Determine How Much Protection is Needed
Operational Procedures, In-Service Considerations, Controllability
Contingency Planning and Disaster Recovery
Perception Management
Select/Implement IA Design Features and Techniques
Summary
Discussion Problems
Verify Effectiveness of Threat Control Measures
Select/Employ IA Verification Techniques
Determine Residual Risk
Monitor Ongoing Risk Exposure, Responses, and Survivability
Summary
Discussion Problems
Conduct Accident/Incident Investigations
Introduction
Analyze Cause, Extent, and Consequences of Failure/Compromise
Initiate Short-term Recovery Mechanisms
Report Accident/Incident
Deploy Long-term Remedial Measures
Evaluate Legal Issues
Summary
Discussion Problems
Annex A - Glossary of Terms
Annex B - Glossary of Techniques
Annex C - Additional Resources
Annex D - Summary of the components, activities, and tasks of an effective information security/IA program
Index