

Category IT Books

Assessing and Managing Security Risk in IT Systems (1st Edition)


Authors: John McCumber
ISBN-13: 9780849322327, ISBN-10: 0849322324
Format: Hardcover
Publisher: Taylor & Francis, Inc.
Date Published: August 2004
Edition: 1st Edition


Author Biography: John McCumber

Book Synopsis

Assessing and Managing Security Risk in IT Systems: A Structured Methodology builds upon the original McCumber Cube model to offer proven processes that do not change, even as technology evolves. This book enables you to assess the security attributes of any information system and implement vastly improved security environments.

Part I delivers an overview of information systems security, providing historical perspectives and explaining how to determine the value of information. This section offers the basic underpinnings of information security and concludes with an overview of the risk management process.

Part II describes the McCumber Cube, providing the original paper from 1991 and detailing ways to accurately map information flow in computer and telecom systems. It also explains how to apply the methodology to individual system components and subsystems.

Part III serves as a resource for analysts and security practitioners who want access to more detailed information on technical vulnerabilities and risk assessment analytics. McCumber details how information extracted from this resource can be applied to his assessment processes.

Table of Contents

Sect. I: Security concepts
1. Using models
2. Defining information security
3. Information as an asset
4. Understanding threat and its relation to vulnerabilities
5. Assessing risk variables: the risk assessment process

Sect. II: The McCumber Cube methodology
6. The McCumber Cube
7. Determining information states and mapping information flow
8. Decomposing the cube for security enforcement
9. Information state analysis for components and subsystems
10. Managing the security life cycle
11. Safeguard analysis
12. Practical applications of McCumber Cube analysis

Sect. III: Appendices
App. A: Vulnerabilities
App. B: Risk assessment metrics
App. C: Diagrams and tables



