Assessing and Managing Security Risk in IT Systems: A Structured Methodology
Scribed by John McCumber
- Publisher: Auerbach Publications
- Year: 2004
- Tongue: English
- Leaves: 290
- Edition: 1
- Category: Library
Synopsis
The book essentially describes the McCumber Cube information security methodology.
And the McCumber Cube methodology is indeed interesting and worth the read.
Unfortunately, the author wrote around it a whole book!
In the first part the author describes the basics of information security and relates them to the McCumber Cube (without really describing what the Cube is! Luckily, the hardcover has a picture of it.)
In the second part he delves in a little more detail into the McCumber Cube methodology, repeating again and again the same concepts, just with slight viewpoint variations.
Obviously his methodology is described as superior to any other methodology! While he makes a few good points, often he just states this without really comparing it to the other technologies.
Worth the read if you have time to spare... it indeed has a few interesting ideas and viewpoints.
If only they were expressed in a tenth of the space!
Table of Contents
Front cover
CONTENTS
FOREWORD
INTRODUCTION
SECTION I: SECURITY CONCEPTS
CHAPTER 1. USING MODELS
CHAPTER 2. DEFINING INFORMATION SECURITY
CHAPTER 3. INFORMATION AS AN ASSET
CHAPTER 4. UNDERSTANDING THREAT AND ITS RELATION TO VULNERABILITIES
CHAPTER 5. ASSESSING RISK VARIABLES: THE RISK ASSESSMENT PROCESS
PART II: THE McCUMBER CUBE METHODOLOGY
CHAPTER 6. THE McCUMBER CUBE
CHAPTER 7. DETERMINING INFORMATION STATES AND MAPPING INFORMATION FLOW
CHAPTER 8. DECOMPOSING THE CUBE FOR SECURITY ENFORCEMENT
CHAPTER 9. INFORMATION STATE ANALYSIS FOR COMPONENTS AND SUBSYSTEMS
CHAPTER 10. MANAGING THE SECURITY LIFE CYCLE
CHAPTER 11. SAFEGUARD ANALYSIS
CHAPTER 12. PRACTICAL APPLICATIONS OF McCUMBER CUBE ANALYSIS
SECTION III: APPENDICES
Appendix A: VULNERABILITIES
Appendix B: RISK ASSESSMENT METRICS
Appendix C: DIAGRAMS AND TABLES
Appendix D: OTHER RESOURCES
INDEX
Back cover