Finding and fixing vulnerabilities in information systems : the vulnerability assessment & mitigation methodology / Philip S. Anton ... [et al.] ; prepared for the Defense Advanced Research Projects Agency.

Understanding an organization's reliance on information systems and how to mitigate the vulnerabilities of these systems can be an intimidating challenge--especially when considering less well-known weaknesses or even unknown vulnerabilities that have not yet been exploited. The authors introduce th...

Bibliographic Details
Year of Publication:2003
Language:English
Physical Description:1 online resource (145 p.)
Notes:Description based upon print version of record.
id 993628471304498
ctrlnum (CKB)111090529190274
(EBL)197482
(OCoLC)70732933
(SSID)ssj0000155168
(PQKBManifestationID)11946802
(PQKBTitleCode)TC0000155168
(PQKBWorkID)10099331
(PQKB)10581966
(Au-PeEL)EBL197482
(CaPaEBR)ebr10056172
(CaONFJC)MIL289776
(MiAaPQ)EBC197482
(EXLCZ)99111090529190274
collection bib_alma
record_format marc
spelling Finding and fixing vulnerabilities in information systems [electronic resource] : the vulnerability assessment & mitigation methodology / Philip S. Anton ... [et al.] ; prepared for the Defense Advanced Research Projects Agency.
Santa Monica, CA : Rand, 2003.
1 online resource (145 p.)
text txt
computer c
online resource cr
Description based upon print version of record.
Cover; PREFACE; CONTENTS; FIGURES; TABLES; SUMMARY; ACKNOWLEDGMENTS; ACRONYMS; Chapter One INTRODUCTION; WHO SHOULD USE THE VAM METHODOLOGY?; PREVIOUS RESEARCH; STRUCTURE OF THIS REPORT; Chapter Two CONCEPTS AND DEFINITIONS; SECURITY; INFORMATION SYSTEMS; SYSTEM OBJECT TYPES; ATTRIBUTES AS SOURCES OF VULNERABILITIES; Chapter Three VAM METHODOLOGY AND OTHER DoD PRACTICES IN RISK ASSESSMENT; OVERVIEW OF THE VAM METHODOLOGY; OTHER DoD VULNERABILITY ASSESSMENT METHODOLOGIES; OCTAVE; ISO/IEC 15408: Common Criteria; ISO/IEC 17799: Code of Practice for Information Security Management
Chapter Four VULNERABILITY ATTRIBUTES OF SYSTEM OBJECTS; VULNERABILITY ATTRIBUTE CATEGORIES; A VULNERABILITY CHECKLIST AND EXAMPLE; DESCRIPTION OF VULNERABILITY ATTRIBUTES; HOW VULNERABILITY PROPERTIES COMBINE IN COMMON THREATS; Chapter Five DIRECT AND INDIRECT SECURITY TECHNIQUES; SECURITY TECHNIQUE CATEGORIES AND EXAMPLES; HOW SECURITY TECHNIQUES COMBINE IN COMMON SECURITY APPROACHES; Chapter Six GENERATING SECURITY OPTIONS FOR VULNERABILITIES; MAPPING VULNERABILITIES TO SECURITY TECHNIQUES; REFINING THE SECURITY SUGGESTIONS; EXAMPLE SECURITY OPTIONS ARISING FROM THE USE OF THE METHODOLOGY
Chapter Seven AUTOMATING AND EXECUTING THE METHODOLOGY: A SPREADSHEET TOOL; INITIAL STEPS PERFORMED MANUALLY; VULNERABILITIES GUIDED BY AND RECORDED ON A FORM; THE RISK ASSESSMENT AND MITIGATION SELECTION SPREADSHEET; Chapter Eight NEXT STEPS AND DISCUSSION; FUTURE CHALLENGES AND OPPORTUNITIES; WHAT VULNERABILITY WILL FAIL OR BE ATTACKED NEXT?; USABILITY ISSUES; WHY PERFORM SECURITY ASSESSMENTS?; Chapter Nine SUMMARY AND CONCLUSIONS; Appendix VULNERABILITY TO MITIGATION MAP VALUES; BIBLIOGRAPHY
Understanding an organization's reliance on information systems and how to mitigate the vulnerabilities of these systems can be an intimidating challenge--especially when considering less well-known weaknesses or even unknown vulnerabilities that have not yet been exploited. The authors introduce the Vulnerability Assessment and Mitigation methodology, a six-step process that uses a top-down approach to protect against future threats and system failures while mitigating current and past threats and weaknesses.
English
Includes bibliographical references.
Computer security.
Data protection.
Risk assessment.
Antón, Philip S.
0-8330-3434-0
United States. Defense Advanced Research Projects Agency.
language English
format Electronic
eBook
author2 Antón, Philip S.
United States. Defense Advanced Research Projects Agency.
author_facet Antón, Philip S.
United States. Defense Advanced Research Projects Agency.
author2_variant p s a ps psa
author2_role TeilnehmendeR
TeilnehmendeR
author_corporate United States. Defense Advanced Research Projects Agency.
author_sort Antón, Philip S.
title Finding and fixing vulnerabilities in information systems the vulnerability assessment & mitigation methodology /
spellingShingle Finding and fixing vulnerabilities in information systems the vulnerability assessment & mitigation methodology /
title_sub the vulnerability assessment & mitigation methodology /
title_full Finding and fixing vulnerabilities in information systems [electronic resource] : the vulnerability assessment & mitigation methodology / Philip S. Anton ... [et al.] ; prepared for the Defense Advanced Research Projects Agency.
title_fullStr Finding and fixing vulnerabilities in information systems [electronic resource] : the vulnerability assessment & mitigation methodology / Philip S. Anton ... [et al.] ; prepared for the Defense Advanced Research Projects Agency.
title_full_unstemmed Finding and fixing vulnerabilities in information systems [electronic resource] : the vulnerability assessment & mitigation methodology / Philip S. Anton ... [et al.] ; prepared for the Defense Advanced Research Projects Agency.
title_auth Finding and fixing vulnerabilities in information systems the vulnerability assessment & mitigation methodology /
title_new Finding and fixing vulnerabilities in information systems
title_sort finding and fixing vulnerabilities in information systems the vulnerability assessment & mitigation methodology /
publisher Rand,
publishDate 2003
physical 1 online resource (145 p.)
isbn 0-8330-3599-1
0-8330-3434-0
callnumber-first Q - Science
callnumber-subject QA - Mathematics
callnumber-label QA76
callnumber-sort QA 276.9 A25 F525 42003
illustrated Illustrated
dewey-hundreds 000 - Computer science, information & general works
dewey-tens 000 - Computer science, knowledge & systems
dewey-ones 005 - Computer programming, programs & data
dewey-full 005.8
dewey-sort 15.8
dewey-raw 005.8
dewey-search 005.8
oclc_num 70732933
work_keys_str_mv AT antonphilips findingandfixingvulnerabilitiesininformationsystemsthevulnerabilityassessmentmitigationmethodology
AT unitedstatesdefenseadvancedresearchprojectsagency findingandfixingvulnerabilitiesininformationsystemsthevulnerabilityassessmentmitigationmethodology
status_str n
carrierType_str_mv cr
is_hierarchy_title Finding and fixing vulnerabilities in information systems the vulnerability assessment & mitigation methodology /
author2_original_writing_str_mv noLinkedField
noLinkedField
_version_ 1796653678813249537