Finding and fixing vulnerabilities in information systems : : the vulnerability assessment & mitigation methodology / / Philip S. Anton ... [et al.] ; prepared for the Defense Advanced Research Projects Agency.
Understanding an organization?s reliance on information systems and how to mitigate the vulnerabilities of these systems can be an intimidating challenge--especially when considering less well-known weaknesses or even unknown vulnerabilities that have not yet been exploited. The authors introduce th...
Saved in:
| : | |
|---|---|
| TeilnehmendeR: | |
| Year of Publication: | 2003 |
| Edition: | 1st ed. |
| Language: | English |
| Physical Description: | 1 online resource (145 p.) |
| Notes: | Description based upon print version of record. |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| LEADER | 01323nam a22003254a 4500 | ||
|---|---|---|---|
| 001 | 993628471304498 | ||
| 005 | 20200520144314.0 | ||
| 006 | m o d | | ||
| 007 | cr -n--------- | ||
| 008 | 030529s2003 caua ob 000 0 eng | ||
| 020 | |a 0-8330-3599-1 | ||
| 035 | |a (CKB)111090529190274 | ||
| 035 | |a (EBL)197482 | ||
| 035 | |a (OCoLC)70732933 | ||
| 035 | |a (SSID)ssj0000155168 | ||
| 035 | |a (PQKBManifestationID)11946802 | ||
| 035 | |a (PQKBTitleCode)TC0000155168 | ||
| 035 | |a (PQKBWorkID)10099331 | ||
| 035 | |a (PQKB)10581966 | ||
| 035 | |a (Au-PeEL)EBL197482 | ||
| 035 | |a (CaPaEBR)ebr10056172 | ||
| 035 | |a (CaONFJC)MIL289776 | ||
| 035 | |a (MiAaPQ)EBC197482 | ||
| 035 | |a (EXLCZ)99111090529190274 | ||
| 040 | |a MiAaPQ |b eng |e rda |e pn |c MiAaPQ |d MiAaPQ | ||
| 041 | |a eng | ||
| 050 | 4 | |a QA76.9.A25 |b F525 2003 | |
| 082 | 0 | |a 005.8 |2 21 | |
| 245 | 0 | 0 | |a Finding and fixing vulnerabilities in information systems : |b the vulnerability assessment & mitigation methodology / |c Philip S. Anton ... [et al.] ; prepared for the Defense Advanced Research Projects Agency. |
| 246 | 3 | 0 | |a Vulnerability assessment & mitigation methodology |
| 246 | 3 | 0 | |a Vulnerability assessment and mitigation methodology |
| 250 | |a 1st ed. | ||
| 260 | |a Santa Monica, CA : |b Rand, |c 2003. | ||
| 300 | |a 1 online resource (145 p.) | ||
| 336 | |a text |b txt | ||
| 337 | |a computer |b c | ||
| 338 | |a online resource |b cr | ||
| 500 | |a Description based upon print version of record. | ||
| 505 | 0 | |a Cover; PREFACE; CONTENTS; FIGURES; TABLES; SUMMARY; ACKNOWLEDGMENTS; ACRONYMS; Chapter One INTRODUCTION; WHO SHOULD USE THE VAM METHODOLOGY?; PREVIOUS RESEARCH; STRUCTURE OF THIS REPORT; Chapter Two CONCEPTS AND DEFINITIONS; SECURITY; INFORMATION SYSTEMS; SYSTEM OBJECT TYPES; ATTRIBUTES AS SOURCES OF VULNERABILITIES; Chapter Three VAM METHODOLOGY AND OTHER DoD PRACTICES IN RISK ASSESSMENT; OVERVIEW OF THE VAM METHODOLOGY; OTHER DoD VULNERABILITY ASSESSMENT METHODOLOGIES; OCTAVE; ISO/IEC 15408: Common Criteria; ISO/IEC 17799: Code of Practice for Information Security Management | |
| 505 | 8 | |a Chapter Four VULNERABILITY ATTRIBUTES OF SYSTEM OBJECTSVULNERABILITY ATTRIBUTE CATEGORIES; A VULNERABILITY CHECKLIST AND EXAMPLE; DESCRIPTION OF VULNERABILITY ATTRIBUTES; HOW VULNERABILITY PROPERTIES COMBINE IN COMMON THREATS; Chapter Five DIRECT AND INDIRECT SECURITY TECHNIQUES; SECURITY TECHNIQUE CATEGORIES AND EXAMPLES; HOW SECURITY TECHNIQUES COMBINE IN COMMON SECURITY APPROACHES; Chapter Six GENERATING SECURITY OPTIONS FOR VULNERABILITIES; MAPPING VULNERABILITIES TO SECURITY TECHNIQUES; REFINING THE SECURITY SUGGESTIONS; EXAMPLE SECURITY OPTIONS ARISING FROM THE USE OF THE METHODOLOGY | |
| 505 | 8 | |a Chapter Seven AUTOMATING AND EXECUTING THE METHODOLOGY: A SPREADSHEET TOOLINITIAL STEPS PERFORMED MANUALLY; VULNERABILITIES GUIDED BY AND RECORDED ON A FORM; THE RISK ASSESSMENT AND MITIGATION SELECTION SPREADSHEET; Chapter Eight NEXT STEPS AND DISCUSSION; FUTURE CHALLENGES AND OPPORTUNITIES; WHAT VULNERABILITY WILL FAIL OR BE ATTACKED NEXT?; USABILITY ISSUES; WHY PERFORM SECURITY ASSESSMENTS?; Chapter Nine SUMMARY AND CONCLUSIONS; Appendix VULNERABILITY TO MITIGATION MAP VALUES; BIBLIOGRAPHY | |
| 520 | |a Understanding an organization?s reliance on information systems and how to mitigate the vulnerabilities of these systems can be an intimidating challenge--especially when considering less well-known weaknesses or even unknown vulnerabilities that have not yet been exploited. The authors introduce the Vulnerability Assessment and Mitigation methodology, a six-step process that uses a top-down approach to protect against future threats and system failures while mitigating current and past threats and weaknesses. | ||
| 546 | |a English | ||
| 504 | |a Includes bibliographical references. | ||
| 650 | 0 | |a Computer security. | |
| 650 | 0 | |a Data protection. | |
| 650 | 0 | |a Risk assessment. | |
| 776 | |z 0-8330-3434-0 | ||
| 710 | 1 | |a United States. |b Defense Advanced Research Projects Agency. | |
| 700 | 1 | |a Anton, Philip S. | |
| 906 | |a BOOK | ||
| ADM | |b 2024-08-03 14:06:42 Europe/Vienna |f system |c marc21 |a 2012-02-26 00:12:32 Europe/Vienna |g false | ||
| AVE | |i DOAB Directory of Open Access Books |P DOAB Directory of Open Access Books |x https://eu02.alma.exlibrisgroup.com/view/uresolver/43ACC_OEAW/openurl?u.ignore_date_coverage=true&portfolio_pid=5350461200004498&Force_direct=true |Z 5350461200004498 |b Available |8 5350461200004498 | ||