A Practical Guide to Security Engineering and Information Assurance
Today the vast majority of the world's information resides in, is derived from, and is exchanged among multiple automated systems. Critical decisions are made, and critical action is taken, based on information from these systems. Therefore, the information must be accurate, correct, and timely, and it must be manipulated, stored, retrieved, and exchanged safely, reliably, and securely. In a time when information is considered the latest commodity, information security should be a top priority.
A Practical Guide to Security Engineering and Information Assurance gives you an engineering approach to information security and information assurance (IA). The book examines the impact of accidental and malicious intentional action and inaction on information security and IA. Innovative long-term vendor-, technology-, and application-independent strategies show you how to protect your critical systems and data from accidental and intentional action and inaction that could lead to system failure or compromise.
The author presents step-by-step, in-depth processes for defining information security and assurance goals, performing vulnerability and threat analysis, implementing and verifying the effectiveness of threat control measures, and conducting accident and incident investigations. She explores real-world strategies applicable to all systems, from small systems supporting a home-based business to those of a multinational corporation, government agency, or critical infrastructure system.
The information revolution has brought its share of risks. Exploring the synergy between security, safety, and reliability engineering, A Practical Guide to Security Engineering and Information Assurance consolidates and organizes current thinking about information security/IA techniques, approaches, and best practices. As this book will show you, there is considerably more to information security/IA than firewalls, encryption, and virus protection.
Chapter 3 Historical Approaches to Information Security and Information Assurance
Chapter 4 Define the System Boundaries
Chapter 5 Perform Vulnerability and Threat Analyses
Chapter 6 Implement Threat Control Measures
Chapter 7 Verify Effectiveness of Threat Control Measures
Chapter 8 Conduct Accident/Incident Investigations