Finding and fixing vulnerabilities in information systems the vulnerability assessment & mitigation methodology
Understanding an organization?s reliance on information systems and how to mitigate the vulnerabilities of these systems can be an intimidating challenge--especially when considering less well-known weaknesses or even unknown vulnerabilities that have not yet been exploited. The authors introduce th...
| Autor Corporativo: | |
|---|---|
| Otros Autores: | |
| Formato: | Libro electrónico |
| Idioma: | Inglés |
| Publicado: |
Santa Monica, CA :
Rand
2003.
|
| Edición: | 1st ed |
| Materias: | |
| Ver en Biblioteca Universitat Ramon Llull: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009426437106719 |
Tabla de Contenidos:
- Cover; PREFACE; CONTENTS; FIGURES; TABLES; SUMMARY; ACKNOWLEDGMENTS; ACRONYMS; Chapter One INTRODUCTION; WHO SHOULD USE THE VAM METHODOLOGY?; PREVIOUS RESEARCH; STRUCTURE OF THIS REPORT; Chapter Two CONCEPTS AND DEFINITIONS; SECURITY; INFORMATION SYSTEMS; SYSTEM OBJECT TYPES; ATTRIBUTES AS SOURCES OF VULNERABILITIES; Chapter Three VAM METHODOLOGY AND OTHER DoD PRACTICES IN RISK ASSESSMENT; OVERVIEW OF THE VAM METHODOLOGY; OTHER DoD VULNERABILITY ASSESSMENT METHODOLOGIES; OCTAVE; ISO/IEC 15408: Common Criteria; ISO/IEC 17799: Code of Practice for Information Security Management
- Chapter Four VULNERABILITY ATTRIBUTES OF SYSTEM OBJECTSVULNERABILITY ATTRIBUTE CATEGORIES; A VULNERABILITY CHECKLIST AND EXAMPLE; DESCRIPTION OF VULNERABILITY ATTRIBUTES; HOW VULNERABILITY PROPERTIES COMBINE IN COMMON THREATS; Chapter Five DIRECT AND INDIRECT SECURITY TECHNIQUES; SECURITY TECHNIQUE CATEGORIES AND EXAMPLES; HOW SECURITY TECHNIQUES COMBINE IN COMMON SECURITY APPROACHES; Chapter Six GENERATING SECURITY OPTIONS FOR VULNERABILITIES; MAPPING VULNERABILITIES TO SECURITY TECHNIQUES; REFINING THE SECURITY SUGGESTIONS; EXAMPLE SECURITY OPTIONS ARISING FROM THE USE OF THE METHODOLOGY
- Chapter Seven AUTOMATING AND EXECUTING THE METHODOLOGY: A SPREADSHEET TOOLINITIAL STEPS PERFORMED MANUALLY; VULNERABILITIES GUIDED BY AND RECORDED ON A FORM; THE RISK ASSESSMENT AND MITIGATION SELECTION SPREADSHEET; Chapter Eight NEXT STEPS AND DISCUSSION; FUTURE CHALLENGES AND OPPORTUNITIES; WHAT VULNERABILITY WILL FAIL OR BE ATTACKED NEXT?; USABILITY ISSUES; WHY PERFORM SECURITY ASSESSMENTS?; Chapter Nine SUMMARY AND CONCLUSIONS; Appendix VULNERABILITY TO MITIGATION MAP VALUES; BIBLIOGRAPHY
