Assessing and Managing Security Risk in IT Systems: A Structured Methodology builds upon the original McCumber Cube model to offer proven processes that do not change, even as technology evolves. This book enables you to assess the security attributes of any information system and implement vastly improved security environments.

Part I delivers an overview of information systems security, providing historical perspectives and explaining how to determine the value of information. This section offers the basic underpinnings of information security and concludes with an overview of the risk management process.

Part II describes the McCumber Cube, providing the original paper from 1991 and detailing ways to accurately map information flow in computer and telecom systems. It also explains how to apply the methodology to individual system components and subsystems.

Part III serves as a resource for analysts and security practitioners who want access to more detailed information on technical vulnerabilities and risk assessment analytics. McCumber details how information extracted from this resource can be applied to his assessment processes.

Cited By
- Goman M Towards unambiguous IT risk definition Proceedings of the Central European Cybersecurity Conference 2018, (1-6)
- Arogundade O, Adeniran O, Jin Z and Xiaoguang Y (2016). Towards Ontological Approach to Security Risk Analysis of Information System, International Journal of Secure Software Engineering, 7:3, (1-25), Online publication date: 1-Jul-2016.
- Myers J (2014). The cheat sheet as pedagogical tool, Journal of Computing Sciences in Colleges, 30:2, (44-51), Online publication date: 1-Dec-2014.
- Dutt V, Ahn Y and Gonzalez C Cyber situation awareness Proceedings of the 25th annual IFIP WG 11.3 conference on Data and applications security and privacy, (280-292)
- Myers J and Riela S (2008). Taming the diversity of information assurance & security, Journal of Computing Sciences in Colleges, 23:4, (173-179), Online publication date: 1-Apr-2008.
- Beachboard J, Cole A, Mellor M, Hernandez S, Aytes K and Massad N A tentative proposal Proceedings of the 3rd annual conference on Information security curriculum development, (194-196)