Description |
1 online resource (xxvi, 117 pages) : illustrations |
|
text txt rdacontent |
|
computer c rdamedia |
|
online resource cr rdacarrier |
Series |
Rand note ; MR-1601-DARPA |
|
Bibliography |
Includes bibliographical references. |
Contents |
Introduction -- Concepts and definitions -- VAM methodology and other DoD practices in risk assessment -- Vulnerability attributes of system objects -- Direct and indirect security techniques -- Generating security options for vulnerabilities -- Automating and executing the methodology: a spreadsheet tool -- Next steps and discussion -- Summary and conclusions -- Appendix: Vulnerability to mitigation map values. |
Summary |
Understanding an organization's reliance on information systems and how to mitigate the vulnerabilities of these systems can be an intimidating challenge--especially when considering less well-known weaknesses or even unknown vulnerabilities that have not yet been exploited. The authors, understanding the risks posed by new kinds of information security threats, build on previous RAND mitigation techniques by introducing the Vulnerability Assessment and Mitigation (VAM) methodology. The six-step procedure uses a top-down approach to protect against future threats and system failures while mitigating current and past threats and weaknesses. The authors lead evaluators through the procedure of classifying vulnerabilities in their systems' physical, cyber, human/social, and infrastructure elements, and identifying which security techniques can be relevant for these vulnerabilities. The authors also use VAM to break down information compromises into five fundamental components of attack or failure: knowledge, access, target vulnerability, non-retribution, and assessment. In addition, a new automated tool implemented as an Excel spreadsheet is discussed; this tool greatly simplifies using the methodology and emphasizes analysis on cautions, risks, and barriers. |
Note |
Print version record. |
Access |
Use copy Restrictions unspecified star MiAaHDL |
Reproduction |
Electronic reproduction. [Place of publication not identified]: HathiTrust Digital Library. 2024. MiAaHDL |
System Details |
Master and use copy. Digital master created according to Benchmark for Faithful Digital Reproductions of Monographs and Serials, Version 1. Digital Library Federation, December 2002. http://purl.oclc.org/DLF/benchrepro0212 MiAaHDL |
Processing Action |
digitized 2024. HathiTrust Digital Library committed to preserve pda MiAaHDL |
Subject |
Computer security.
|
|
Data protection.
|
|
Risk assessment.
|
|
Engineering & Applied Sciences.
|
|
Computer Science.
|
|
Sécurité informatique.
|
|
Protection de l'information (Informatique)
|
|
Évaluation du risque.
|
|
risk assessment.
|
|
COMPUTERS -- Internet -- Security.
|
|
COMPUTERS -- Networking -- Security.
|
|
COMPUTERS -- Security -- General.
|
|
TRANSPORTATION -- General.
|
|
Computer Security |
|
Risk Assessment |
Added Author |
Antón, Philip S.
|
|
United States. Defense Advanced Research Projects Agency.
|
Added Title |
Vulnerability assessment & mitigation methodology |
|
Vulnerability assessment and mitigation methodology |
In: |
Books at JSTOR: Open Access JSTOR |
Other Form: |
Print version: Finding and fixing vulnerabilities in information systems. Santa Monica, CA : Rand, 2003 0833034340 (DLC) 2003012342 (OCoLC)52349150 |
|
Online version: Finding and fixing vulnerabilities in information systems. Santa Monica, CA : Rand, 2003 (OCoLC)1296657985 |
ISBN |
0833035991 (electronic bk.) |
|
9780833035998 (electronic bk.) |
|
0833034340 (pbk.) |
|
9780833034342 (pbk.) |