Verfügbarkeit: Finding and fixing vulnerabilities in information systems :

Finding and fixing vulnerabilities in information systems :: the vulnerability assessment & mitigation methodology /

Understanding an organization's reliance on information systems and how to mitigate the vulnerabilities of these systems can be an intimidating challenge--especially when considering less well-known weaknesses or even unknown vulnerabilities that have not yet been exploited. The authors, unders...

Ausführliche Beschreibung

Gespeichert in:

Bibliographische Detailangaben
Körperschaft:	United States. Defense Advanced Research Projects Agency
Weitere Verfasser:	Antón, Philip S.
Format:	Elektronisch E-Book
Sprache:	English
Veröffentlicht:	Santa Monica, CA : Rand, 2003.
Schriftenreihe:	Rand note ; MR-1601-DARPA.
Schlagworte:	Computer security. Data protection. Risk assessment. Engineering & Applied Sciences. Computer Science. Sécurité informatique. Protection de l'information (Informatique) Évaluation du risque. risk assessment. COMPUTERS > Internet > Security. COMPUTERS > Networking > Security. COMPUTERS > Security > General. TRANSPORTATION > General. Computer security Data protection Risk assessment Computer Security Risk Assessment
Online-Zugang:	Volltext
Zusammenfassung:	Understanding an organization's reliance on information systems and how to mitigate the vulnerabilities of these systems can be an intimidating challenge--especially when considering less well-known weaknesses or even unknown vulnerabilities that have not yet been exploited. The authors, understanding the risks posed by new kinds of information security threats, build on previous RAND mitigation techniques by introducing the Vulnerability Assessment and Mitigation (VAM) methodology. The six-step procedure uses a top-down approach to protect against future threats and system failures while mitigating current and past threats and weaknesses. The authors lead evaluators through the procedure of classifying vulnerabilities in their systems' physical, cyber, human/social, and infrastructure elements, and identifying which security techniques can be relevant for these vulnerabilities. The authors also use VAM to break down information compromises into five fundamental components of attack or failure: knowledge, access, target vulnerability, non-retribution, and assessment. In addition, a new automated tool implemented as an Excel spreadsheet is discussed; this tool greatly simplifies using the methodology and emphasizes analysis on cautions, risks, and barriers.
Beschreibung:	1 online resource (xxvi, 117 pages) : illustrations
Format:	Master and use copy. Digital master created according to Benchmark for Faithful Digital Reproductions of Monographs and Serials, Version 1. Digital Library Federation, December 2002.
Bibliographie:	Includes bibliographical references.
ISBN:	0833035991 9780833035998 0833034340 9780833034342

Internformat

MARC


LEADER	00000cam a22000004a 4500
001	ZDB-4-EBA-ocm55202642
003	OCoLC
005	20241004212047.0
006	m o d
007	cr cnu---unuuu
008	040518s2003 caua ob 000 0 eng d
040			\|a N$T \|b eng \|e pn \|c N$T \|d OCLCQ \|d YDXCP \|d OCLCQ \|d JSTOR \|d OCLCF \|d DKDLA \|d REDDC \|d BAKER \|d UBY \|d EBLCP \|d ADU \|d E7B \|d COCUF \|d DEBSZ \|d OCLCE \|d T5N \|d OCLCQ \|d OCLCO \|d OCLCQ \|d NLGGC \|d OCLCQ \|d AGLDB \|d MOR \|d PIFBR \|d ZCU \|d MERUC \|d OCLCQ \|d LND \|d VT2 \|d VFL \|d U3W \|d LOA \|d OCLCA \|d ICG \|d STF \|d WRM \|d VTS \|d CEF \|d NRAMU \|d OCLCQ \|d INT \|d EZ9 \|d AU@ \|d OCLCQ \|d ERL \|d ICN \|d OCLCQ \|d G3B \|d DKC \|d OCLCQ \|d NJT \|d UMK \|d OCLCQ \|d K6U \|d UKCRE \|d OCLCO \|d OCLCQ \|d OCLCO \|d UEJ \|d OCLCL
066			\|c Thai
019			\|a 70732933 \|a 85858003 \|a 475716732 \|a 614548291 \|a 647364244 \|a 650968068 \|a 722256239 \|a 760198693 \|a 794009209 \|a 888476867 \|a 988420899 \|a 991986241 \|a 1008943366 \|a 1037698459 \|a 1038670113 \|a 1045513600 \|a 1053104789 \|a 1055350518 \|a 1081203408 \|a 1115078254 \|a 1153525873 \|a 1228575083 \|a 1296657985 \|a 1401734793 \|a 1416630208 \|a 1440423330
020			\|a 0833035991 \|q (electronic bk.)
020			\|a 9780833035998 \|q (electronic bk.)
020			\|a 0833034340 \|q (pbk.)
020			\|a 9780833034342 \|q (pbk.)
035			\|a (OCoLC)55202642 \|z (OCoLC)70732933 \|z (OCoLC)85858003 \|z (OCoLC)475716732 \|z (OCoLC)614548291 \|z (OCoLC)647364244 \|z (OCoLC)650968068 \|z (OCoLC)722256239 \|z (OCoLC)760198693 \|z (OCoLC)794009209 \|z (OCoLC)888476867 \|z (OCoLC)988420899 \|z (OCoLC)991986241 \|z (OCoLC)1008943366 \|z (OCoLC)1037698459 \|z (OCoLC)1038670113 \|z (OCoLC)1045513600 \|z (OCoLC)1053104789 \|z (OCoLC)1055350518 \|z (OCoLC)1081203408 \|z (OCoLC)1115078254 \|z (OCoLC)1153525873 \|z (OCoLC)1228575083 \|z (OCoLC)1296657985 \|z (OCoLC)1401734793 \|z (OCoLC)1416630208 \|z (OCoLC)1440423330
037			\|a 22573/ctthsbz \|b JSTOR
042			\|a dlr
050		4	\|a QA76.9.A25 \|b F525 2003eb
072		7	\|a COM \|x 060040 \|2 bisacsh
072		7	\|a COM \|x 043050 \|2 bisacsh
072		7	\|a COM \|x 053000 \|2 bisacsh
072		7	\|a TRA000000 \|2 bisacsh
072		7	\|a POL012000 \|2 bisacsh
082	7		\|a 005.8 \|2 22
049			\|a MAIN
245	0	0	\|a Finding and fixing vulnerabilities in information systems : \|b the vulnerability assessment & mitigation methodology / \|c Philip S. Anton [and others] ; prepared for the Defense Advanced Research Projects Agency.
246	3	0	\|a Vulnerability assessment & mitigation methodology
246	3	0	\|a Vulnerability assessment and mitigation methodology
260			\|a Santa Monica, CA : \|b Rand, \|c 2003.
300			\|a 1 online resource (xxvi, 117 pages) : \|b illustrations
336			\|a text \|b txt \|2 rdacontent
337			\|a computer \|b c \|2 rdamedia
338			\|a online resource \|b cr \|2 rdacarrier
490	1		\|a Rand note ; \|v MR-1601-DARPA
504			\|a Includes bibliographical references.
505	0		\|a Introduction -- Concepts and definitions -- VAM methodology and other DoD practices in risk assessment -- Vulnerability attributes of system objects -- Direct and indirect security techniques -- Generating security options for vulnerabilities -- Automating and executing the methodology: a spreadsheet tool -- Next steps and discussion -- Summary and conclusions -- Appendix: Vulnerability to mitigation map values.
520			\|a Understanding an organization's reliance on information systems and how to mitigate the vulnerabilities of these systems can be an intimidating challenge--especially when considering less well-known weaknesses or even unknown vulnerabilities that have not yet been exploited. The authors, understanding the risks posed by new kinds of information security threats, build on previous RAND mitigation techniques by introducing the Vulnerability Assessment and Mitigation (VAM) methodology. The six-step procedure uses a top-down approach to protect against future threats and system failures while mitigating current and past threats and weaknesses. The authors lead evaluators through the procedure of classifying vulnerabilities in their systems' physical, cyber, human/social, and infrastructure elements, and identifying which security techniques can be relevant for these vulnerabilities. The authors also use VAM to break down information compromises into five fundamental components of attack or failure: knowledge, access, target vulnerability, non-retribution, and assessment. In addition, a new automated tool implemented as an Excel spreadsheet is discussed; this tool greatly simplifies using the methodology and emphasizes analysis on cautions, risks, and barriers.
588	0		\|a Print version record.
506			\|3 Use copy \|f Restrictions unspecified \|2 star \|5 MiAaHDL
533			\|a Electronic reproduction. \|b [Place of publication not identified]: \|c HathiTrust Digital Library. \|d 2024. \|5 MiAaHDL
538			\|a Master and use copy. Digital master created according to Benchmark for Faithful Digital Reproductions of Monographs and Serials, Version 1. Digital Library Federation, December 2002. \|u http://purl.oclc.org/DLF/benchrepro0212 \|5 MiAaHDL
583	1		\|a digitized \|c 2024. \|h HathiTrust Digital Library \|l committed to preserve \|2 pda \|5 MiAaHDL
650		0	\|a Computer security.
650		0	\|a Data protection. \|0 http://id.loc.gov/authorities/subjects/sh85035859
650		0	\|a Risk assessment. \|0 http://id.loc.gov/authorities/subjects/sh87002638
650		4	\|a Engineering & Applied Sciences.
650		4	\|a Computer Science.
650		6	\|a Sécurité informatique.
650		6	\|a Protection de l'information (Informatique)
650		6	\|a Évaluation du risque.
650		7	\|a risk assessment. \|2 aat
650		7	\|a COMPUTERS \|x Internet \|x Security. \|2 bisacsh
650		7	\|a COMPUTERS \|x Networking \|x Security. \|2 bisacsh
650		7	\|a COMPUTERS \|x Security \|x General. \|2 bisacsh
650		7	\|a TRANSPORTATION \|x General. \|2 bisacsh
650		7	\|a Computer security \|2 fast
650		7	\|a Data protection \|2 fast
650		7	\|a Risk assessment \|2 fast
650		1	\|a Computer security.
650		1	\|a Data protection.
650		1	\|a Risk assessment.
650		2	\|a Computer Security \|0 https://id.nlm.nih.gov/mesh/D016494
650		2	\|a Risk Assessment \|0 https://id.nlm.nih.gov/mesh/D018570
700	1		\|a Antón, Philip S. \|0 http://id.loc.gov/authorities/names/n2001001128
710	1		\|a United States. \|b Defense Advanced Research Projects Agency. \|0 http://id.loc.gov/authorities/names/n79004228
758			\|i has work: \|a Finding and fixing vulnerabilities in information systems (Text) \|1 https://id.oclc.org/worldcat/entity/E39PCGbgjqT6dwfMxd37V7JmtX \|4 https://id.oclc.org/worldcat/ontology/hasWork
773	0		\|t Books at JSTOR: Open Access \|d JSTOR
776	0	8	\|i Print version: \|t Finding and fixing vulnerabilities in information systems. \|d Santa Monica, CA : Rand, 2003 \|z 0833034340 \|w (DLC) 2003012342 \|w (OCoLC)52349150
776	0	8	\|i Online version: \|t Finding and fixing vulnerabilities in information systems. \|d Santa Monica, CA : Rand, 2003 \|w (OCoLC)1296657985
830		0	\|a Rand note ; \|v MR-1601-DARPA. \|0 http://id.loc.gov/authorities/names/n42020720
856	4	0	\|l FWS01 \|p ZDB-4-EBA \|q FWS_PDA_EBA \|u https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=105337 \|3 Volltext
880	1		\|6 700-00/Thai \|a Antโon, Philip S.
938			\|a Baker & Taylor \|b BKTY \|c 24.00 \|d 24.00 \|i 0833034340 \|n 0004248472 \|s active
938			\|a ProQuest Ebook Central \|b EBLB \|n EBL197482
938			\|a ebrary \|b EBRY \|n ebr10056172
938			\|a EBSCOhost \|b EBSC \|n 105337
938			\|a YBP Library Services \|b YANK \|n 2344704
994			\|a 92 \|b GEBAY
912			\|a ZDB-4-EBA
049			\|a DE-863

Datensatz im Suchindex

DE-BY-FWS_katkey	ZDB-4-EBA-ocm55202642
_version_	1816881615338471424
adam_text
any_adam_object
author2	Antón, Philip S.
author2_role
author2_variant	p s a ps psa
author_GND	http://id.loc.gov/authorities/names/n2001001128
author_corporate	United States. Defense Advanced Research Projects Agency
author_corporate_role
author_facet	Antón, Philip S. United States. Defense Advanced Research Projects Agency
author_sort	Antón, Philip S.
building	Verbundindex
bvnumber	localFWS
callnumber-first	Q - Science
callnumber-label	QA76
callnumber-raw	QA76.9.A25 F525 2003eb
callnumber-search	QA76.9.A25 F525 2003eb
callnumber-sort	QA 276.9 A25 F525 42003EB
callnumber-subject	QA - Mathematics
collection	ZDB-4-EBA
contents	Introduction -- Concepts and definitions -- VAM methodology and other DoD practices in risk assessment -- Vulnerability attributes of system objects -- Direct and indirect security techniques -- Generating security options for vulnerabilities -- Automating and executing the methodology: a spreadsheet tool -- Next steps and discussion -- Summary and conclusions -- Appendix: Vulnerability to mitigation map values.
ctrlnum	(OCoLC)55202642
dewey-full	005.8
dewey-hundreds	000 - Computer science, information, general works
dewey-ones	005 - Computer programming, programs, data, security
dewey-raw	005.8
dewey-search	005.8
dewey-sort	15.8
dewey-tens	000 - Computer science, information, general works
discipline	Informatik
format	Electronic eBook
fullrecord	<?xml version="1.0" encoding="UTF-8"?><collection xmlns="http://www.loc.gov/MARC21/slim"><record><leader>07295cam a22009494a 4500</leader><controlfield tag="001">ZDB-4-EBA-ocm55202642 </controlfield><controlfield tag="003">OCoLC</controlfield><controlfield tag="005">20241004212047.0</controlfield><controlfield tag="006">m o d </controlfield><controlfield tag="007">cr cnu---unuuu</controlfield><controlfield tag="008">040518s2003 caua ob 000 0 eng d</controlfield><datafield tag="040" ind1=" " ind2=" "><subfield code="a">N$T</subfield><subfield code="b">eng</subfield><subfield code="e">pn</subfield><subfield code="c">N$T</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">YDXCP</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">JSTOR</subfield><subfield code="d">OCLCF</subfield><subfield code="d">DKDLA</subfield><subfield code="d">REDDC</subfield><subfield code="d">BAKER</subfield><subfield code="d">UBY</subfield><subfield code="d">EBLCP</subfield><subfield code="d">ADU</subfield><subfield code="d">E7B</subfield><subfield code="d">COCUF</subfield><subfield code="d">DEBSZ</subfield><subfield code="d">OCLCE</subfield><subfield code="d">T5N</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">OCLCO</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">NLGGC</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">AGLDB</subfield><subfield code="d">MOR</subfield><subfield code="d">PIFBR</subfield><subfield code="d">ZCU</subfield><subfield code="d">MERUC</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">LND</subfield><subfield code="d">VT2</subfield><subfield code="d">VFL</subfield><subfield code="d">U3W</subfield><subfield code="d">LOA</subfield><subfield code="d">OCLCA</subfield><subfield code="d">ICG</subfield><subfield code="d">STF</subfield><subfield code="d">WRM</subfield><subfield code="d">VTS</subfield><subfield code="d">CEF</subfield><subfield code="d">NRAMU</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">INT</subfield><subfield code="d">EZ9</subfield><subfield code="d">AU@</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">ERL</subfield><subfield code="d">ICN</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">G3B</subfield><subfield code="d">DKC</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">NJT</subfield><subfield code="d">UMK</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">K6U</subfield><subfield code="d">UKCRE</subfield><subfield code="d">OCLCO</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">OCLCO</subfield><subfield code="d">UEJ</subfield><subfield code="d">OCLCL</subfield></datafield><datafield tag="066" ind1=" " ind2=" "><subfield code="c">Thai</subfield></datafield><datafield tag="019" ind1=" " ind2=" "><subfield code="a">70732933</subfield><subfield code="a">85858003</subfield><subfield code="a">475716732</subfield><subfield code="a">614548291</subfield><subfield code="a">647364244</subfield><subfield code="a">650968068</subfield><subfield code="a">722256239</subfield><subfield code="a">760198693</subfield><subfield code="a">794009209</subfield><subfield code="a">888476867</subfield><subfield code="a">988420899</subfield><subfield code="a">991986241</subfield><subfield code="a">1008943366</subfield><subfield code="a">1037698459</subfield><subfield code="a">1038670113</subfield><subfield code="a">1045513600</subfield><subfield code="a">1053104789</subfield><subfield code="a">1055350518</subfield><subfield code="a">1081203408</subfield><subfield code="a">1115078254</subfield><subfield code="a">1153525873</subfield><subfield code="a">1228575083</subfield><subfield code="a">1296657985</subfield><subfield code="a">1401734793</subfield><subfield code="a">1416630208</subfield><subfield code="a">1440423330</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">0833035991</subfield><subfield code="q">(electronic bk.)</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">9780833035998</subfield><subfield code="q">(electronic bk.)</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">0833034340</subfield><subfield code="q">(pbk.)</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">9780833034342</subfield><subfield code="q">(pbk.)</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(OCoLC)55202642</subfield><subfield code="z">(OCoLC)70732933</subfield><subfield code="z">(OCoLC)85858003</subfield><subfield code="z">(OCoLC)475716732</subfield><subfield code="z">(OCoLC)614548291</subfield><subfield code="z">(OCoLC)647364244</subfield><subfield code="z">(OCoLC)650968068</subfield><subfield code="z">(OCoLC)722256239</subfield><subfield code="z">(OCoLC)760198693</subfield><subfield code="z">(OCoLC)794009209</subfield><subfield code="z">(OCoLC)888476867</subfield><subfield code="z">(OCoLC)988420899</subfield><subfield code="z">(OCoLC)991986241</subfield><subfield code="z">(OCoLC)1008943366</subfield><subfield code="z">(OCoLC)1037698459</subfield><subfield code="z">(OCoLC)1038670113</subfield><subfield code="z">(OCoLC)1045513600</subfield><subfield code="z">(OCoLC)1053104789</subfield><subfield code="z">(OCoLC)1055350518</subfield><subfield code="z">(OCoLC)1081203408</subfield><subfield code="z">(OCoLC)1115078254</subfield><subfield code="z">(OCoLC)1153525873</subfield><subfield code="z">(OCoLC)1228575083</subfield><subfield code="z">(OCoLC)1296657985</subfield><subfield code="z">(OCoLC)1401734793</subfield><subfield code="z">(OCoLC)1416630208</subfield><subfield code="z">(OCoLC)1440423330</subfield></datafield><datafield tag="037" ind1=" " ind2=" "><subfield code="a">22573/ctthsbz</subfield><subfield code="b">JSTOR</subfield></datafield><datafield tag="042" ind1=" " ind2=" "><subfield code="a">dlr</subfield></datafield><datafield tag="050" ind1=" " ind2="4"><subfield code="a">QA76.9.A25</subfield><subfield code="b">F525 2003eb</subfield></datafield><datafield tag="072" ind1=" " ind2="7"><subfield code="a">COM</subfield><subfield code="x">060040</subfield><subfield code="2">bisacsh</subfield></datafield><datafield tag="072" ind1=" " ind2="7"><subfield code="a">COM</subfield><subfield code="x">043050</subfield><subfield code="2">bisacsh</subfield></datafield><datafield tag="072" ind1=" " ind2="7"><subfield code="a">COM</subfield><subfield code="x">053000</subfield><subfield code="2">bisacsh</subfield></datafield><datafield tag="072" ind1=" " ind2="7"><subfield code="a">TRA000000</subfield><subfield code="2">bisacsh</subfield></datafield><datafield tag="072" ind1=" " ind2="7"><subfield code="a">POL012000</subfield><subfield code="2">bisacsh</subfield></datafield><datafield tag="082" ind1="7" ind2=" "><subfield code="a">005.8</subfield><subfield code="2">22</subfield></datafield><datafield tag="049" ind1=" " ind2=" "><subfield code="a">MAIN</subfield></datafield><datafield tag="245" ind1="0" ind2="0"><subfield code="a">Finding and fixing vulnerabilities in information systems :</subfield><subfield code="b">the vulnerability assessment & mitigation methodology /</subfield><subfield code="c">Philip S. Anton [and others] ; prepared for the Defense Advanced Research Projects Agency.</subfield></datafield><datafield tag="246" ind1="3" ind2="0"><subfield code="a">Vulnerability assessment & mitigation methodology</subfield></datafield><datafield tag="246" ind1="3" ind2="0"><subfield code="a">Vulnerability assessment and mitigation methodology</subfield></datafield><datafield tag="260" ind1=" " ind2=" "><subfield code="a">Santa Monica, CA :</subfield><subfield code="b">Rand,</subfield><subfield code="c">2003.</subfield></datafield><datafield tag="300" ind1=" " ind2=" "><subfield code="a">1 online resource (xxvi, 117 pages) :</subfield><subfield code="b">illustrations</subfield></datafield><datafield tag="336" ind1=" " ind2=" "><subfield code="a">text</subfield><subfield code="b">txt</subfield><subfield code="2">rdacontent</subfield></datafield><datafield tag="337" ind1=" " ind2=" "><subfield code="a">computer</subfield><subfield code="b">c</subfield><subfield code="2">rdamedia</subfield></datafield><datafield tag="338" ind1=" " ind2=" "><subfield code="a">online resource</subfield><subfield code="b">cr</subfield><subfield code="2">rdacarrier</subfield></datafield><datafield tag="490" ind1="1" ind2=" "><subfield code="a">Rand note ;</subfield><subfield code="v">MR-1601-DARPA</subfield></datafield><datafield tag="504" ind1=" " ind2=" "><subfield code="a">Includes bibliographical references.</subfield></datafield><datafield tag="505" ind1="0" ind2=" "><subfield code="a">Introduction -- Concepts and definitions -- VAM methodology and other DoD practices in risk assessment -- Vulnerability attributes of system objects -- Direct and indirect security techniques -- Generating security options for vulnerabilities -- Automating and executing the methodology: a spreadsheet tool -- Next steps and discussion -- Summary and conclusions -- Appendix: Vulnerability to mitigation map values.</subfield></datafield><datafield tag="520" ind1=" " ind2=" "><subfield code="a">Understanding an organization's reliance on information systems and how to mitigate the vulnerabilities of these systems can be an intimidating challenge--especially when considering less well-known weaknesses or even unknown vulnerabilities that have not yet been exploited. The authors, understanding the risks posed by new kinds of information security threats, build on previous RAND mitigation techniques by introducing the Vulnerability Assessment and Mitigation (VAM) methodology. The six-step procedure uses a top-down approach to protect against future threats and system failures while mitigating current and past threats and weaknesses. The authors lead evaluators through the procedure of classifying vulnerabilities in their systems' physical, cyber, human/social, and infrastructure elements, and identifying which security techniques can be relevant for these vulnerabilities. The authors also use VAM to break down information compromises into five fundamental components of attack or failure: knowledge, access, target vulnerability, non-retribution, and assessment. In addition, a new automated tool implemented as an Excel spreadsheet is discussed; this tool greatly simplifies using the methodology and emphasizes analysis on cautions, risks, and barriers.</subfield></datafield><datafield tag="588" ind1="0" ind2=" "><subfield code="a">Print version record.</subfield></datafield><datafield tag="506" ind1=" " ind2=" "><subfield code="3">Use copy</subfield><subfield code="f">Restrictions unspecified</subfield><subfield code="2">star</subfield><subfield code="5">MiAaHDL</subfield></datafield><datafield tag="533" ind1=" " ind2=" "><subfield code="a">Electronic reproduction.</subfield><subfield code="b">[Place of publication not identified]:</subfield><subfield code="c">HathiTrust Digital Library.</subfield><subfield code="d">2024.</subfield><subfield code="5">MiAaHDL</subfield></datafield><datafield tag="538" ind1=" " ind2=" "><subfield code="a">Master and use copy. Digital master created according to Benchmark for Faithful Digital Reproductions of Monographs and Serials, Version 1. Digital Library Federation, December 2002.</subfield><subfield code="u">http://purl.oclc.org/DLF/benchrepro0212</subfield><subfield code="5">MiAaHDL</subfield></datafield><datafield tag="583" ind1="1" ind2=" "><subfield code="a">digitized</subfield><subfield code="c">2024.</subfield><subfield code="h">HathiTrust Digital Library</subfield><subfield code="l">committed to preserve</subfield><subfield code="2">pda</subfield><subfield code="5">MiAaHDL</subfield></datafield><datafield tag="650" ind1=" " ind2="0"><subfield code="a">Computer security.</subfield></datafield><datafield tag="650" ind1=" " ind2="0"><subfield code="a">Data protection.</subfield><subfield code="0">http://id.loc.gov/authorities/subjects/sh85035859</subfield></datafield><datafield tag="650" ind1=" " ind2="0"><subfield code="a">Risk assessment.</subfield><subfield code="0">http://id.loc.gov/authorities/subjects/sh87002638</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Engineering & Applied Sciences.</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Computer Science.</subfield></datafield><datafield tag="650" ind1=" " ind2="6"><subfield code="a">Sécurité informatique.</subfield></datafield><datafield tag="650" ind1=" " ind2="6"><subfield code="a">Protection de l'information (Informatique)</subfield></datafield><datafield tag="650" ind1=" " ind2="6"><subfield code="a">Évaluation du risque.</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">risk assessment.</subfield><subfield code="2">aat</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">COMPUTERS</subfield><subfield code="x">Internet</subfield><subfield code="x">Security.</subfield><subfield code="2">bisacsh</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">COMPUTERS</subfield><subfield code="x">Networking</subfield><subfield code="x">Security.</subfield><subfield code="2">bisacsh</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">COMPUTERS</subfield><subfield code="x">Security</subfield><subfield code="x">General.</subfield><subfield code="2">bisacsh</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">TRANSPORTATION</subfield><subfield code="x">General.</subfield><subfield code="2">bisacsh</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">Computer security</subfield><subfield code="2">fast</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">Data protection</subfield><subfield code="2">fast</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">Risk assessment</subfield><subfield code="2">fast</subfield></datafield><datafield tag="650" ind1=" " ind2="1"><subfield code="a">Computer security.</subfield></datafield><datafield tag="650" ind1=" " ind2="1"><subfield code="a">Data protection.</subfield></datafield><datafield tag="650" ind1=" " ind2="1"><subfield code="a">Risk assessment.</subfield></datafield><datafield tag="650" ind1=" " ind2="2"><subfield code="a">Computer Security</subfield><subfield code="0">https://id.nlm.nih.gov/mesh/D016494</subfield></datafield><datafield tag="650" ind1=" " ind2="2"><subfield code="a">Risk Assessment</subfield><subfield code="0">https://id.nlm.nih.gov/mesh/D018570</subfield></datafield><datafield tag="700" ind1="1" ind2=" "><subfield code="a">Antón, Philip S.</subfield><subfield code="0">http://id.loc.gov/authorities/names/n2001001128</subfield></datafield><datafield tag="710" ind1="1" ind2=" "><subfield code="a">United States.</subfield><subfield code="b">Defense Advanced Research Projects Agency.</subfield><subfield code="0">http://id.loc.gov/authorities/names/n79004228</subfield></datafield><datafield tag="758" ind1=" " ind2=" "><subfield code="i">has work:</subfield><subfield code="a">Finding and fixing vulnerabilities in information systems (Text)</subfield><subfield code="1">https://id.oclc.org/worldcat/entity/E39PCGbgjqT6dwfMxd37V7JmtX</subfield><subfield code="4">https://id.oclc.org/worldcat/ontology/hasWork</subfield></datafield><datafield tag="773" ind1="0" ind2=" "><subfield code="t">Books at JSTOR: Open Access</subfield><subfield code="d">JSTOR</subfield></datafield><datafield tag="776" ind1="0" ind2="8"><subfield code="i">Print version:</subfield><subfield code="t">Finding and fixing vulnerabilities in information systems.</subfield><subfield code="d">Santa Monica, CA : Rand, 2003</subfield><subfield code="z">0833034340</subfield><subfield code="w">(DLC) 2003012342</subfield><subfield code="w">(OCoLC)52349150</subfield></datafield><datafield tag="776" ind1="0" ind2="8"><subfield code="i">Online version:</subfield><subfield code="t">Finding and fixing vulnerabilities in information systems.</subfield><subfield code="d">Santa Monica, CA : Rand, 2003</subfield><subfield code="w">(OCoLC)1296657985</subfield></datafield><datafield tag="830" ind1=" " ind2="0"><subfield code="a">Rand note ;</subfield><subfield code="v">MR-1601-DARPA.</subfield><subfield code="0">http://id.loc.gov/authorities/names/n42020720</subfield></datafield><datafield tag="856" ind1="4" ind2="0"><subfield code="l">FWS01</subfield><subfield code="p">ZDB-4-EBA</subfield><subfield code="q">FWS_PDA_EBA</subfield><subfield code="u">https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=105337</subfield><subfield code="3">Volltext</subfield></datafield><datafield tag="880" ind1="1" ind2=" "><subfield code="6">700-00/Thai</subfield><subfield code="a">Antโon, Philip S.</subfield></datafield><datafield tag="938" ind1=" " ind2=" "><subfield code="a">Baker & Taylor</subfield><subfield code="b">BKTY</subfield><subfield code="c">24.00</subfield><subfield code="d">24.00</subfield><subfield code="i">0833034340</subfield><subfield code="n">0004248472</subfield><subfield code="s">active</subfield></datafield><datafield tag="938" ind1=" " ind2=" "><subfield code="a">ProQuest Ebook Central</subfield><subfield code="b">EBLB</subfield><subfield code="n">EBL197482</subfield></datafield><datafield tag="938" ind1=" " ind2=" "><subfield code="a">ebrary</subfield><subfield code="b">EBRY</subfield><subfield code="n">ebr10056172</subfield></datafield><datafield tag="938" ind1=" " ind2=" "><subfield code="a">EBSCOhost</subfield><subfield code="b">EBSC</subfield><subfield code="n">105337</subfield></datafield><datafield tag="938" ind1=" " ind2=" "><subfield code="a">YBP Library Services</subfield><subfield code="b">YANK</subfield><subfield code="n">2344704</subfield></datafield><datafield tag="994" ind1=" " ind2=" "><subfield code="a">92</subfield><subfield code="b">GEBAY</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">ZDB-4-EBA</subfield></datafield><datafield tag="049" ind1=" " ind2=" "><subfield code="a">DE-863</subfield></datafield></record></collection>
id	ZDB-4-EBA-ocm55202642
illustrated	Illustrated
indexdate	2024-11-27T13:15:32Z
institution	BVB
institution_GND	http://id.loc.gov/authorities/names/n79004228
isbn	0833035991 9780833035998 0833034340 9780833034342
language	English
oclc_num	55202642
open_access_boolean
owner	MAIN DE-863 DE-BY-FWS
owner_facet	MAIN DE-863 DE-BY-FWS
physical	1 online resource (xxvi, 117 pages) : illustrations
psigel	ZDB-4-EBA
publishDate	2003
publishDateSearch	2003
publishDateSort	2003
publisher	Rand,
record_format	marc
series	Rand note ;
series2	Rand note ;
spelling	Finding and fixing vulnerabilities in information systems : the vulnerability assessment & mitigation methodology / Philip S. Anton [and others] ; prepared for the Defense Advanced Research Projects Agency. Vulnerability assessment & mitigation methodology Vulnerability assessment and mitigation methodology Santa Monica, CA : Rand, 2003. 1 online resource (xxvi, 117 pages) : illustrations text txt rdacontent computer c rdamedia online resource cr rdacarrier Rand note ; MR-1601-DARPA Includes bibliographical references. Introduction -- Concepts and definitions -- VAM methodology and other DoD practices in risk assessment -- Vulnerability attributes of system objects -- Direct and indirect security techniques -- Generating security options for vulnerabilities -- Automating and executing the methodology: a spreadsheet tool -- Next steps and discussion -- Summary and conclusions -- Appendix: Vulnerability to mitigation map values. Understanding an organization's reliance on information systems and how to mitigate the vulnerabilities of these systems can be an intimidating challenge--especially when considering less well-known weaknesses or even unknown vulnerabilities that have not yet been exploited. The authors, understanding the risks posed by new kinds of information security threats, build on previous RAND mitigation techniques by introducing the Vulnerability Assessment and Mitigation (VAM) methodology. The six-step procedure uses a top-down approach to protect against future threats and system failures while mitigating current and past threats and weaknesses. The authors lead evaluators through the procedure of classifying vulnerabilities in their systems' physical, cyber, human/social, and infrastructure elements, and identifying which security techniques can be relevant for these vulnerabilities. The authors also use VAM to break down information compromises into five fundamental components of attack or failure: knowledge, access, target vulnerability, non-retribution, and assessment. In addition, a new automated tool implemented as an Excel spreadsheet is discussed; this tool greatly simplifies using the methodology and emphasizes analysis on cautions, risks, and barriers. Print version record. Use copy Restrictions unspecified star MiAaHDL Electronic reproduction. [Place of publication not identified]: HathiTrust Digital Library. 2024. MiAaHDL Master and use copy. Digital master created according to Benchmark for Faithful Digital Reproductions of Monographs and Serials, Version 1. Digital Library Federation, December 2002. http://purl.oclc.org/DLF/benchrepro0212 MiAaHDL digitized 2024. HathiTrust Digital Library committed to preserve pda MiAaHDL Computer security. Data protection. http://id.loc.gov/authorities/subjects/sh85035859 Risk assessment. http://id.loc.gov/authorities/subjects/sh87002638 Engineering & Applied Sciences. Computer Science. Sécurité informatique. Protection de l'information (Informatique) Évaluation du risque. risk assessment. aat COMPUTERS Internet Security. bisacsh COMPUTERS Networking Security. bisacsh COMPUTERS Security General. bisacsh TRANSPORTATION General. bisacsh Computer security fast Data protection fast Risk assessment fast Data protection. Risk assessment. Computer Security https://id.nlm.nih.gov/mesh/D016494 Risk Assessment https://id.nlm.nih.gov/mesh/D018570 Antón, Philip S. http://id.loc.gov/authorities/names/n2001001128 United States. Defense Advanced Research Projects Agency. http://id.loc.gov/authorities/names/n79004228 has work: Finding and fixing vulnerabilities in information systems (Text) https://id.oclc.org/worldcat/entity/E39PCGbgjqT6dwfMxd37V7JmtX https://id.oclc.org/worldcat/ontology/hasWork Books at JSTOR: Open Access JSTOR Print version: Finding and fixing vulnerabilities in information systems. Santa Monica, CA : Rand, 2003 0833034340 (DLC) 2003012342 (OCoLC)52349150 Online version: Finding and fixing vulnerabilities in information systems. Santa Monica, CA : Rand, 2003 (OCoLC)1296657985 Rand note ; MR-1601-DARPA. http://id.loc.gov/authorities/names/n42020720 FWS01 ZDB-4-EBA FWS_PDA_EBA https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=105337 Volltext 700-00/Thai Antโon, Philip S.
spellingShingle	Finding and fixing vulnerabilities in information systems : the vulnerability assessment & mitigation methodology / Rand note ; Introduction -- Concepts and definitions -- VAM methodology and other DoD practices in risk assessment -- Vulnerability attributes of system objects -- Direct and indirect security techniques -- Generating security options for vulnerabilities -- Automating and executing the methodology: a spreadsheet tool -- Next steps and discussion -- Summary and conclusions -- Appendix: Vulnerability to mitigation map values. Computer security. Data protection. http://id.loc.gov/authorities/subjects/sh85035859 Risk assessment. http://id.loc.gov/authorities/subjects/sh87002638 Engineering & Applied Sciences. Computer Science. Sécurité informatique. Protection de l'information (Informatique) Évaluation du risque. risk assessment. aat COMPUTERS Internet Security. bisacsh COMPUTERS Networking Security. bisacsh COMPUTERS Security General. bisacsh TRANSPORTATION General. bisacsh Computer security fast Data protection fast Risk assessment fast Data protection. Risk assessment. Computer Security https://id.nlm.nih.gov/mesh/D016494 Risk Assessment https://id.nlm.nih.gov/mesh/D018570
subject_GND	http://id.loc.gov/authorities/subjects/sh85035859 http://id.loc.gov/authorities/subjects/sh87002638 https://id.nlm.nih.gov/mesh/D016494 https://id.nlm.nih.gov/mesh/D018570
title	Finding and fixing vulnerabilities in information systems : the vulnerability assessment & mitigation methodology /
title_alt	Vulnerability assessment & mitigation methodology Vulnerability assessment and mitigation methodology
title_auth	Finding and fixing vulnerabilities in information systems : the vulnerability assessment & mitigation methodology /
title_exact_search	Finding and fixing vulnerabilities in information systems : the vulnerability assessment & mitigation methodology /
title_full	Finding and fixing vulnerabilities in information systems : the vulnerability assessment & mitigation methodology / Philip S. Anton [and others] ; prepared for the Defense Advanced Research Projects Agency.
title_fullStr	Finding and fixing vulnerabilities in information systems : the vulnerability assessment & mitigation methodology / Philip S. Anton [and others] ; prepared for the Defense Advanced Research Projects Agency.
title_full_unstemmed	Finding and fixing vulnerabilities in information systems : the vulnerability assessment & mitigation methodology / Philip S. Anton [and others] ; prepared for the Defense Advanced Research Projects Agency.
title_short	Finding and fixing vulnerabilities in information systems :
title_sort	finding and fixing vulnerabilities in information systems the vulnerability assessment mitigation methodology
title_sub	the vulnerability assessment & mitigation methodology /
topic	Computer security. Data protection. http://id.loc.gov/authorities/subjects/sh85035859 Risk assessment. http://id.loc.gov/authorities/subjects/sh87002638 Engineering & Applied Sciences. Computer Science. Sécurité informatique. Protection de l'information (Informatique) Évaluation du risque. risk assessment. aat COMPUTERS Internet Security. bisacsh COMPUTERS Networking Security. bisacsh COMPUTERS Security General. bisacsh TRANSPORTATION General. bisacsh Computer security fast Data protection fast Risk assessment fast Data protection. Risk assessment. Computer Security https://id.nlm.nih.gov/mesh/D016494 Risk Assessment https://id.nlm.nih.gov/mesh/D018570
topic_facet	Computer security. Data protection. Risk assessment. Engineering & Applied Sciences. Computer Science. Sécurité informatique. Protection de l'information (Informatique) Évaluation du risque. risk assessment. COMPUTERS Internet Security. COMPUTERS Networking Security. COMPUTERS Security General. TRANSPORTATION General. Computer security Data protection Risk assessment Computer Security Risk Assessment
url	https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=105337
work_keys_str_mv	AT antonphilips findingandfixingvulnerabilitiesininformationsystemsthevulnerabilityassessmentmitigationmethodology AT unitedstatesdefenseadvancedresearchprojectsagency findingandfixingvulnerabilitiesininformationsystemsthevulnerabilityassessmentmitigationmethodology AT antonphilips vulnerabilityassessmentmitigationmethodology AT unitedstatesdefenseadvancedresearchprojectsagency vulnerabilityassessmentmitigationmethodology AT antonphilips vulnerabilityassessmentandmitigationmethodology AT unitedstatesdefenseadvancedresearchprojectsagency vulnerabilityassessmentandmitigationmethodology

Verfügbarkeit

Es ist kein Print-Exemplar vorhanden.

Volltext öffnen

MARC

Datensatz im Suchindex

Es ist kein Print-Exemplar vorhanden.

Ähnliche Einträge