000 | 03868cam a2200577 i 4500 | ||
---|---|---|---|
001 | rnd000000000071852 | ||
003 | RAND | ||
005 | 20160615135114.0 | ||
008 | 031125s2003 caua b 000 0 eng d | ||
010 | _a 2003012342 | ||
020 | _a0833034340 (pbk.) | ||
020 | _a0833035991 (electronic bk.) | ||
020 | _a9780833034342 | ||
020 | _a9780833035998 (electronic bk.) | ||
027 | _aRAND/MR-1601-DARPA | ||
035 | _a(Sirsi) a441334 | ||
037 | _c$24.00 _fpaperback | ||
040 | _aCstmoR _cCstmoR | ||
043 | _an-us--- | ||
049 | _aAlfaisal Main Library | ||
050 | 0 | 0 | _aQA76.9.A25 _bF525 2003 |
245 | 0 | 0 | _aFinding and fixing vulnerabilities in information systems : _bthe vulnerability assessment and mitigation methodology / _cPhilip S. Anton ... [et al.]. |
264 | 1 | _aSanta Monica, CA : _bRAND, _c2003. | |
300 | _axxvi, 117 pages : _billustrations ; _c28 cm | ||
336 | _atext _btxt _2rdacontent | ||
337 | _acomputer _bc _2rdamedia | ||
337 | _aunmediated _bn _2rdamedia | ||
338 | _aonline resource _bcr _2rdacarrier | ||
338 | _avolume _bnc _2rdacarrier | ||
500 | _a"National Defense Research Institute." | ||
504 | _aIncludes bibliographical references (p.115-117). | ||
505 | 0 | _aIntroduction -- Concepts and Definitions -- VAM Methodology and Other DoD Practices in Risk Assessment -- Vulnerability Attributes of System Objects -- Direct and Indirect Security Techniques -- Generating Security Options for Vulnerabilities -- Automating and Executing the Methodology: A Spreadsheet Tool -- Next Steps and Discussion -- Summary and Conclusions -- Appendix: Vulnerability to Mitigation Map Values. | |
520 | _aUnderstanding an organization's reliance on information systems and how to mitigate the vulnerabilities of these systems can be an intimidating challenge--especially when considering less well-known weaknesses or even unknown vulnerabilities that have not yet been exploited. The authors, understanding the risks posed by new kinds of information security threats, build on previous RAND mitigation techniques by introducing the Vulnerability Assessment and Mitigation (VAM) methodology. The six-step procedure uses a top-down approach to protect against future threats and system failures while mitigating current and past threats and weaknesses. The authors lead evaluators through the procedure of classifying vulnerabilities in their systems' physical, cyber, human/social, and infrastructure elements, and identifying which security techniques can be relevant for these vulnerabilities. The authors also use VAM to break down information compromises into five fundamental components of attack or failure: knowledge, access, target vulnerability, non-retribution, and assessment. In addition, a new automated tool implemented as an Excel spreadsheet is discussed; this tool greatly simplifies using the methodology and emphasizes analysis on cautions, risks, and barriers. | ||
530 | _aAlso available on the internet via WWW in PDF format. | ||
650 | 0 | _aCommand and control systems _xSecurity measures _zUnited States. | |
650 | 0 | _aComputer networks _xSecurity measures _zUnited States. | |
650 | 0 | _aInformation services _xSecurity measures _zUnited States. | |
650 | 0 | _aInformation superhighway _xSecurity measures _zUnited States. | |
650 | 0 | _aInformation warfare _zUnited States. | |
650 | 0 | _aNational security _zUnited States. | |
650 | 0 | _aRisk assessment. | |
651 | 0 | _aUnited States _xDefenses. | |
655 | 7 | _aElectronic books. _2local | |
700 | 1 | _aAntón, Philip S. _eauthor. | |
700 | 1 | _aAnderson, Robert H. _q(Robert Helms), _d1939- _eauthor. | |
700 | 1 | _aMesic, Richard, _d1943- _eauthor. | |
700 | 1 | _aScheiern, Michael L. _eauthor. | |
710 | _aRand eBooks. | ||
856 | 4 | 0 | _uhttp://ezproxy.alfaisal.edu/login?url=http://www.rand.org/publications/MR/MR1601/ |
942 | _2lcc _cEBOOKS | ||
999 | _c300488 _d300488 |