The Resource Finding and fixing vulnerabilities in information systems : the vulnerability assessment & mitigation methodology, Philip S. Anton [and others] ; prepared for the Defense Advanced Research Projects Agency


Label
Finding and fixing vulnerabilities in information systems : the vulnerability assessment & mitigation methodology
Title
Finding and fixing vulnerabilities in information systems
Title remainder
the vulnerability assessment & mitigation methodology
Statement of responsibility
Philip S. Anton [and others] ; prepared for the Defense Advanced Research Projects Agency
Title variation
  • Vulnerability assessment & mitigation methodology
  • Vulnerability assessment and mitigation methodology
Contributor
Subject
Language
eng
Summary
Understanding an organization's reliance on information systems and how to mitigate the vulnerabilities of these systems can be an intimidating challenge, especially when considering less well-known weaknesses or even unknown vulnerabilities that have not yet been exploited. The authors, understanding the risks posed by new kinds of information security threats, build on previous RAND mitigation techniques by introducing the Vulnerability Assessment and Mitigation (VAM) methodology. The six-step procedure uses a top-down approach to protect against future threats and system failures while mitigating current and past threats and weaknesses. The authors lead evaluators through the procedure of classifying vulnerabilities in their systems' physical, cyber, human/social, and infrastructure elements, and identifying which security techniques can be relevant for these vulnerabilities. The authors also use VAM to break down information compromises into five fundamental components of attack or failure: knowledge, access, target vulnerability, non-retribution, and assessment. In addition, a new automated tool implemented as an Excel spreadsheet is discussed; this tool greatly simplifies using the methodology and emphasizes analysis on cautions, risks, and barriers.
Member of
Cataloging source
N$T
Dewey number
005.8
Illustrations
illustrations
Index
no index present
LC call number
QA76.9.A25
LC item number
F525 2003eb
Literary form
non fiction
Nature of contents
  • dictionaries
  • bibliography
http://library.link/vocab/relatedWorkOrContributorName
  • Antón, Philip S
  • United States
Series statement
Rand note
Series volume
MR-1601-DARPA
http://library.link/vocab/subjectName
  • Computer security
  • Data protection
  • Risk assessment
Label
Finding and fixing vulnerabilities in information systems : the vulnerability assessment & mitigation methodology, Philip S. Anton [and others] ; prepared for the Defense Advanced Research Projects Agency
Instantiates
Publication
Antecedent source
unknown
Bibliography note
Includes bibliographical references
Carrier category
online resource
Carrier category code
  • cr
Carrier MARC source
rdacarrier
Color
multicolored
Content category
text
Content type code
  • txt
Content type MARC source
rdacontent
Contents
Introduction -- Concepts and Definitions -- VAM Methodology and Other DoD Practices in Risk Assessment -- Vulnerability Attributes of System Objects -- Direct and Indirect Security Techniques -- Generating Security Options for Vulnerabilities -- Automating and Executing the Methodology: A Spreadsheet Tool -- Next Steps and Discussion -- Summary and Conclusions -- Appendix: Vulnerability to Mitigation Map Values
Dimensions
unknown
Extent
1 online resource (xxvi, 117 pages)
File format
unknown
Form of item
online
Isbn
9780833035998
Level of compression
unknown
Media category
computer
Media MARC source
rdamedia
Media type code
  • c
Other physical details
illustrations.
Quality assurance targets
not applicable
Reformatting quality
unknown
Sound
unknown sound
Specific material designation
remote
