A Practical Guide to Security Engineering and Information Assurance

1st Edition

By Debra S. Herrmann

Auerbach Publications

408 pages | 60 B/W Illus.

Purchasing Options (prices in USD)

Hardback: ISBN 9780849311635
Published: 2001-10-18
Price: $135.00

Description

Today the vast majority of the world's information resides in, is derived from, and is exchanged among multiple automated systems. Critical decisions are made, and critical action is taken, based on information from these systems. Therefore, the information must be accurate, correct, and timely, and must be manipulated, stored, retrieved, and exchanged safely, reliably, and securely. In a time when information is considered the latest commodity, information security should be a top priority.

A Practical Guide to Security Engineering and Information Assurance gives you an engineering approach to information security and information assurance (IA). The book examines the impact of accidental and malicious intentional action and inaction on information security and IA. Innovative long-term vendor, technology, and application-independent strategies show you how to protect your critical systems and data from accidental and intentional action and inaction that could lead to system failure or compromise.

The author presents step-by-step, in-depth processes for defining information security and assurance goals, performing vulnerability and threat analysis, implementing and verifying the effectiveness of threat control measures, and conducting accident and incident investigations. She explores real-world strategies applicable to all systems, from small systems supporting a home-based business to those of a multinational corporation, government agency, or critical infrastructure system.

The information revolution has brought its share of risks. Exploring the synergy between security, safety, and reliability engineering, A Practical Guide to Security Engineering and Information Assurance consolidates and organizes current thinking about information security/IA techniques, approaches, and best practices. As this book will show you, there is considerably more to information security/IA than firewalls, encryption, and virus protection.

Table of Contents

Introduction
    Background
    Purpose
    Scope
    Intended Audience
    Organization

What is Information Assurance, How Does it Relate to Information Security, and Why Are Both Needed?
    Definition
    Application Domains
    Technology Domains
    Importance
    Stakeholders
    Summary
    Discussion Problems

Historical Approaches to Information Security and Information Assurance
    Physical Security
    Communications Security (COMSEC)
    Computer Security (COMPUSEC)
    Information Security (INFOSEC)
    Operations Security (OPSEC)
    System Safety
    System Reliability
    Summary
    Discussion Problems

Define the System Boundaries
    Determine What is Being Protected and Why
    Identify the System
    Characterize System Operation
    Ascertain What You Do/Do Not Have Control Over
    Summary
    Discussion Problems

Perform Vulnerability and Threat Analyses
    Definitions
    Select/Use IA Analysis Techniques
    Identify Vulnerabilities, Their Type, Source, and Severity
    Identify Threats, Their Type, Source, and Likelihood
    Evaluate Transaction Paths, Critical Threat Zones, and Risk Exposure
    Summary
    Discussion Problems

Implement Threat Control Measures
    Determine How Much Protection is Needed
    Operational Procedures, In-Service Considerations, Controllability
    Contingency Planning and Disaster Recovery
    Perception Management
    Select/Implement IA Design Features and Techniques
    Summary
    Discussion Problems

Verify Effectiveness of Threat Control Measures
    Select/Employ IA Verification Techniques
    Determine Residual Risk
    Monitor Ongoing Risk Exposure, Responses, and Survivability
    Summary
    Discussion Problems

Conduct Accident/Incident Investigations
    Introduction
    Analyze Cause, Extent, and Consequences of Failure/Compromise
    Initiate Short-term Recovery Mechanisms
    Report Accident/Incident
    Deploy Long-term Remedial Measures
    Evaluate Legal Issues
    Summary
    Discussion Problems

Annex A - Glossary of Terms
Annex B - Glossary of Techniques
Annex C - Additional Resources
Annex D - Summary of the Components, Activities, and Tasks of an Effective Information Security/IA Program
Index

Subject Categories

BISAC Subject Codes/Headings:
    BUS087000 - BUSINESS & ECONOMICS / Production & Operations Management
    COM043000 - COMPUTERS / Networking / General
    COM053000 - COMPUTERS / Security / General