Finding and fixing vulnerabilities in information systems: the vulnerability assessment & mitigation methodology
Format: | Electronic E-Book |
---|---|
Language: | English |
Published: | Santa Monica, CA : Rand, 2003 |
Series: | Rand note MR-1601-DARPA. |
Online access: | FAW01 FAW02 Full text |
Description: | Includes bibliographical references. Contents: Introduction -- Concepts and Definitions -- VAM Methodology and Other DoD Practices in Risk Assessment -- Vulnerability Attributes of System Objects -- Direct and Indirect Security Techniques -- Generating Security Options for Vulnerabilities -- Automating and Executing the Methodology: A Spreadsheet Tool -- Next Steps and Discussion -- Summary and Conclusions -- Appendix: Vulnerability to Mitigation Map Values. Understanding an organization's reliance on information systems and how to mitigate the vulnerabilities of these systems can be an intimidating challenge--especially when considering less well-known weaknesses or even unknown vulnerabilities that have not yet been exploited. The authors, understanding the risks posed by new kinds of information security threats, build on previous RAND mitigation techniques by introducing the Vulnerability Assessment and Mitigation (VAM) methodology. The six-step procedure uses a top-down approach to protect against future threats and system failures while mitigating current and past threats and weaknesses. The authors lead evaluators through the procedure of classifying vulnerabilities in their systems' physical, cyber, human/social, and infrastructure elements, and identifying which security techniques can be relevant for these vulnerabilities. The authors also use VAM to break down information compromises into five fundamental components of attack or failure: knowledge, access, target vulnerability, non-retribution, and assessment. In addition, a new automated tool implemented as an Excel spreadsheet is discussed; this tool greatly simplifies using the methodology and emphasizes analysis on cautions, risks, and barriers. |
Physical description: | 1 online resource (xxvi, 117 pages) |
ISBN: | 0833034340 0833035991 9780833034342 9780833035998 |
Internal format
MARC
LEADER | 00000nmm a2200000zcb4500 | ||
---|---|---|---|
001 | BV043096954 | ||
003 | DE-604 | ||
005 | 00000000000000.0 | ||
007 | cr|uuu---uuuuu | ||
008 | 151126s2003 |||| o||u| ||||||eng d | ||
020 | |a 0833034340 |9 0-8330-3434-0 | ||
020 | |a 0833035991 |9 0-8330-3599-1 | ||
020 | |a 9780833034342 |9 978-0-8330-3434-2 | ||
020 | |a 9780833035998 |9 978-0-8330-3599-8 | ||
035 | |a (OCoLC)55202642 | ||
035 | |a (DE-599)BVBBV043096954 | ||
040 | |a DE-604 |b ger |e aacr | ||
041 | 0 | |a eng | |
049 | |a DE-1046 |a DE-1047 | ||
082 | 0 | |a 005.8 |2 22 | |
245 | 1 | 0 | |a Finding and fixing vulnerabilities in information systems |b the vulnerability assessment & mitigation methodology |c Philip S. Anton [and others] ; prepared for the Defense Advanced Research Projects Agency |
246 | 1 | 3 | |a Vulnerability assessment & mitigation methodology |
246 | 1 | 3 | |a Vulnerability assessment and mitigation methodology |
264 | 1 | |a Santa Monica, CA |b Rand |c 2003 | |
300 | |a 1 Online-Ressource (xxvi, 117 pages) | ||
336 | |b txt |2 rdacontent | ||
337 | |b c |2 rdamedia | ||
338 | |b cr |2 rdacarrier | ||
490 | 0 | |a Rand note |v MR-1601-DARPA. | |
500 | |a Includes bibliographical references | ||
500 | |a Introduction -- Concepts and Definitions -- VAM Methodology and Other DoD Practices in Risk Assessment -- Vulnerability Attributes of System Objects -- Direct and Indirect Security Techniques -- Generating Security Options for Vulnerabilities -- Automating and Executing the Methodology: A Spreadsheet Tool -- Next Steps and Discussion -- Summary and Conclusions -- Appendix: Vulnerability to Mitigation Map Values | ||
500 | |a Understanding an organization's reliance on information systems and how to mitigate the vulnerabilities of these systems can be an intimidating challenge--especially when considering less well-known weaknesses or even unknown vulnerabilities that have not yet been exploited. The authors, understanding the risks posed by new kinds of information security threats, build on previous RAND mitigation techniques by introducing the Vulnerability Assessment and Mitigation (VAM) methodology. The six-step procedure uses a top-down approach to protect against future threats and system failures while mitigating current and past threats and weaknesses. The authors lead evaluators through the procedure of classifying vulnerabilities in their systems' physical, cyber, human/social, and infrastructure elements, and identifying which security techniques can be relevant for these vulnerabilities. The authors also use VAM to break down information compromises into five fundamental components of attack or failure: knowledge, access, target vulnerability, non-retribution, and assessment. In addition, a new automated tool implemented as an Excel spreadsheet is discussed; this tool greatly simplifies using the methodology and emphasizes analysis on cautions, risks, and barriers | ||
650 | 7 | |a COMPUTERS / Internet / Security |2 bisacsh | |
650 | 7 | |a COMPUTERS / Networking / Security |2 bisacsh | |
650 | 7 | |a COMPUTERS / Security / General |2 bisacsh | |
650 | 7 | |a TRANSPORTATION / General |2 bisacsh | |
650 | 7 | |a Computer security |2 fast | |
650 | 7 | |a Data protection |2 fast | |
650 | 7 | |a Risk assessment |2 fast | |
650 | 4 | |a Computer security | |
650 | 4 | |a Data protection | |
650 | 4 | |a Risk assessment | |
700 | 1 | |a Antón, Philip S. |e Sonstige |4 oth | |
710 | 2 | |a United States |b Defense Advanced Research Projects Agency |e Sonstige |4 oth | |
856 | 4 | 0 | |u http://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&db=nlabk&AN=105337 |x Aggregator |3 Volltext |
912 | |a ZDB-4-EBA | ||
999 | |a oai:aleph.bib-bvb.de:BVB01-028521146 | ||
966 | e | |u http://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&db=nlabk&AN=105337 |l FAW01 |p ZDB-4-EBA |q FAW_PDA_EBA |x Aggregator |3 Volltext | |
966 | e | |u http://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&db=nlabk&AN=105337 |l FAW02 |p ZDB-4-EBA |q FAW_PDA_EBA |x Aggregator |3 Volltext |