
Building A Global Information Assurance Program

1st Edition

By Raymond J Curts, Douglas E. Campbell

Auerbach Publications

424 pages | 73 B/W Illus.

Paperback: 9780849313684
pub: 2002-12-26
Hardback: 9781138437005
pub: 2017-07-27
eBook (VitalSource): 9780429225215
pub: 2017-07-27

Description

Governments, their agencies, and businesses are perpetually battling to protect valuable, classified, proprietary, or sensitive information but often find that the restrictions imposed upon them by information security policies and procedures have significant, negative impacts on their ability to function. These government and business entities are beginning to realize the value of information assurance (IA) as a tool to ensure that the right information gets to the right people, at the right time, with a reasonable expectation that it is timely, accurate, authentic, and uncompromised.

Intended for those interested in the construction and operation of an IA or Information Security (InfoSec) program, Building a Global Information Assurance Program describes the key building blocks of an IA development effort including:

  • Information Attributes

  • System Attributes

  • Infrastructure or Architecture

  • Interoperability

  • IA Tools

  • Cognitive Hierarchies

  • Decision Cycles

  • Organizational Considerations

  • Operational Concepts

Because of their extensive and diverse backgrounds, the authors bring a unique perspective to current IT issues. The text presents their proprietary process based on the systems development life cycle (SDLC) methodology specifically tailored for an IA program. This process is a structured, cradle-to-grave approach to IA program development, from program planning and design to implementation, support, and phase out. Building a Global Information Assurance Program provides a proven series of steps and tasks that you can follow to build quality IA programs faster, at lower costs, and with less risk.

Table of Contents

    INTRODUCTION TO INFORMATION ASSURANCE (IA)

    Authentication

    Confidentiality

    Non-repudiation

    BASIC CONCEPTS

    Attributes

    Information Attributes

    Pure Information Attributes

    Attributes Influenced by the System

    System Attributes

    Security Attributes

    Information System Support Planning Principles

    The Bottom Line, Revisited

    Information Assurance (IA)

    Commercial Capabilities

    Security

    Network Views

    Risk Management

    Cognitive Hierarchy

    Types of Logic

    Summary

    RISK, THREAT AND VULNERABILITY

    OVERVIEW OF SYSTEMS ENGINEERING

    A Systems Engineering Case Study

    Case Study Background

    The Mission

    The Goal

    An Approach Toward A Solution

    Case Tools: A Means of Managing Architectural Information

    The Current Process

    Maritime Strategy

    The Threat

    Top Level Warfare Requirements (TLWRs)

    Architecture: A System Description

    Assessment: How Well Does It Fulfill Requirements?

    Shortfalls and Overlaps: Identifying Strengths and Weaknesses

    Architectural Options: Making the Right Choices

    The Proposed Process

    Architecture Development

    Architectural Principles

    Mission Requirements Analysis

    Functional Analysis

    Operational Functions

    System Functions

    Requirements Allocation

    Assessment of the Current Architecture

    Identification of Shortfalls and Overlaps

    Development of Architectural Options

    Assessment of Options

    Proposed New (Notional) Architecture

    System Synthesis

    The Need for Maintaining Up-to-Date Documentation

    Summary

    IA TASK FORCE

    Requirements Analysis

    Functional Analysis

    Evaluation and Decision

    System Synthesis

    Documentation

    Concluding Chapter Remarks

    REQUIREMENTS

    Beginnings

    The Object-Oriented Paradigm

    Summary

    DESIGN

    Operational Design Considerations

    Technology Design Considerations

    Business Continuity Design Considerations

    Concluding Remarks for this Chapter

    IMPLEMENTATION AND TESTING

    IATP Defined

    Requirement for an IATP

    Management's Role

    Disruption of Service Caused by IATP Implementation

    IATP Development

    Critical Elements of the IATP

    Preliminary Planning: Test Requirements

    Test Team

    Preparatory Actions: Test Methodology

    Chapter Concluding Remarks

    IA LIFE CYCLE SUPPORT AND OPERATIONAL CONSIDERATIONS

    The Information Assurance Life Cycle Methodology

    Concluding Remarks for This Section

    THE INFORMATION ASSURANCE CENTER

    Introduction

    Overview of the Naval Aviation Safety Program

    Findings

    Recommendations

    The National Defense Industrial Association (NDIA) IAC Concept: A Closing Note

    AUTOMATED TOOLS

    Internal Vulnerability Scanning/Auditing Tools

    Patches and Replacements

    Password Enhancing Tools/Authentication and System Security Tools

    Password Breaking Tools

    Access Control Tools

    Logging Tools

    Logging Utilities

    Intrusion Detection Tools/Network Monitoring Tools

    System Status Reporting Tools

    Mail Security Tools

    Packet Filtering Tools

    Firewall Tools

    Real-Time Attack Response Tools

    Encryption Tools

    Host Configuration Tools

    Anti-Virus Tools

    Cryptographic Checksum Tools

    Miscellaneous Tools

    Visualization Tools

    I'm Going to Break in and Compromise Your Information

    A Sampling of Software Tools that Attackers Use

    SUMMARY

    Conclusions and Recommendations

    Future Work

    ABOUT THE AUTHORS

    APPENDIXES

    Acronyms

    Glossary

    Links

    References

    Index

Subject Categories

BISAC Subject Codes/Headings:

  • COM032000: COMPUTERS / Information Technology

  • COM053000: COMPUTERS / Security / General