Cargando…
Finding and fixing vulnerabilities in information systems : the vulnerability assessment & mitigation methodology /
Understanding an organization's reliance on information systems and how to mitigate the vulnerabilities of these systems can be an intimidating challenge--especially when considering less well-known weaknesses or even unknown vulnerabilities that have not yet been exploited. The authors, unders...
| Clasificación: | Libro Electrónico |
|---|---|
| Autor Corporativo: | |
| Otros Autores: | |
| Formato: | Electrónico eBook |
| Idioma: | Inglés |
| Publicado: |
Santa Monica, CA :
Rand,
2003.
|
| Colección: | Rand note ;
MR-1601-DARPA. |
| Temas: | |
| Acceso en línea: | Texto completo |
MARC
| LEADER | 00000cam a22000004a 4500 | ||
|---|---|---|---|
| 001 | JSTOR_ocm55202642 | ||
| 003 | OCoLC | ||
| 005 | 20231005004200.0 | ||
| 006 | m o d | ||
| 007 | cr cnu---unuuu | ||
| 008 | 040518s2003 caua ob 000 0 eng d | ||
| 040 | |a N$T |b eng |e pn |c N$T |d OCLCQ |d YDXCP |d OCLCQ |d JSTOR |d OCLCF |d DKDLA |d REDDC |d BAKER |d UBY |d EBLCP |d ADU |d E7B |d COCUF |d DEBSZ |d OCLCE |d T5N |d OCLCQ |d OCLCO |d OCLCQ |d NLGGC |d OCLCQ |d AGLDB |d MOR |d PIFBR |d ZCU |d MERUC |d OCLCQ |d LND |d VT2 |d VFL |d U3W |d LOA |d OCLCA |d ICG |d STF |d WRM |d VTS |d CEF |d NRAMU |d OCLCQ |d INT |d EZ9 |d AU@ |d OCLCQ |d ERL |d ICN |d OCLCQ |d G3B |d DKC |d OCLCQ |d NJT |d UMK |d OCLCQ |d K6U |d UKCRE |d OCLCO |d OCLCQ |d OCLCO | ||
| 066 | |c Thai | ||
| 019 | |a 70732933 |a 85858003 |a 475716732 |a 614548291 |a 647364244 |a 650968068 |a 722256239 |a 760198693 |a 794009209 |a 888476867 |a 988420899 |a 991986241 |a 1008943366 |a 1037698459 |a 1038670113 |a 1045513600 |a 1053104789 |a 1055350518 |a 1081203408 |a 1115078254 |a 1153525873 |a 1228575083 |a 1296657985 | ||
| 020 | |a 0833035991 |q (electronic bk.) | ||
| 020 | |a 9780833035998 |q (electronic bk.) | ||
| 020 | |a 0833034340 |q (pbk.) | ||
| 020 | |a 9780833034342 |q (pbk.) | ||
| 029 | 1 | |a AU@ |b 000050961668 | |
| 029 | 1 | |a AU@ |b 000053227778 | |
| 029 | 1 | |a AU@ |b 000061155435 | |
| 029 | 1 | |a DEBBG |b BV043096954 | |
| 029 | 1 | |a DEBBG |b BV044078090 | |
| 029 | 1 | |a DEBSZ |b 396053971 | |
| 029 | 1 | |a DEBSZ |b 422391255 | |
| 029 | 1 | |a GBVCP |b 1008648558 | |
| 029 | 1 | |a GBVCP |b 801138582 | |
| 029 | 1 | |a NZ1 |b 11773902 | |
| 029 | 1 | |a NZ1 |b 14234682 | |
| 029 | 1 | |a DKDLA |b 820120-katalog:999938206105765 | |
| 035 | |a (OCoLC)55202642 |z (OCoLC)70732933 |z (OCoLC)85858003 |z (OCoLC)475716732 |z (OCoLC)614548291 |z (OCoLC)647364244 |z (OCoLC)650968068 |z (OCoLC)722256239 |z (OCoLC)760198693 |z (OCoLC)794009209 |z (OCoLC)888476867 |z (OCoLC)988420899 |z (OCoLC)991986241 |z (OCoLC)1008943366 |z (OCoLC)1037698459 |z (OCoLC)1038670113 |z (OCoLC)1045513600 |z (OCoLC)1053104789 |z (OCoLC)1055350518 |z (OCoLC)1081203408 |z (OCoLC)1115078254 |z (OCoLC)1153525873 |z (OCoLC)1228575083 |z (OCoLC)1296657985 | ||
| 037 | |a 22573/ctthsbz |b JSTOR | ||
| 050 | 4 | |a QA76.9.A25 |b F525 2003eb | |
| 072 | 7 | |a COM |x 060040 |2 bisacsh | |
| 072 | 7 | |a COM |x 043050 |2 bisacsh | |
| 072 | 7 | |a COM |x 053000 |2 bisacsh | |
| 072 | 7 | |a TRA000000 |2 bisacsh | |
| 072 | 7 | |a POL012000 |2 bisacsh | |
| 082 | 0 | 4 | |a 005.8 |2 22 |
| 049 | |a UAMI | ||
| 245 | 0 | 0 | |a Finding and fixing vulnerabilities in information systems : |b the vulnerability assessment & mitigation methodology / |c Philip S. Anton [and others] ; prepared for the Defense Advanced Research Projects Agency. |
| 246 | 3 | 0 | |a Vulnerability assessment & mitigation methodology |
| 246 | 3 | 0 | |a Vulnerability assessment and mitigation methodology |
| 260 | |a Santa Monica, CA : |b Rand, |c 2003. | ||
| 300 | |a 1 online resource (xxvi, 117 pages) : |b illustrations | ||
| 336 | |a text |b txt |2 rdacontent | ||
| 337 | |a computer |b c |2 rdamedia | ||
| 338 | |a online resource |b cr |2 rdacarrier | ||
| 490 | 1 | |a Rand note ; |v MR-1601-DARPA | |
| 504 | |a Includes bibliographical references. | ||
| 505 | 0 | |a Introduction -- Concepts and definitions -- VAM methodology and other DoD practices in risk assessment -- Vulnerability attributes of system objects -- Direct and indirect security techniques -- Generating security options for vulnerabilities -- Automating and executing the methodology: a spreadsheet tool -- Next steps and discussion -- Summary and conclusions -- Appendix: Vulnerability to mitigation map values. | |
| 520 | |a Understanding an organization's reliance on information systems and how to mitigate the vulnerabilities of these systems can be an intimidating challenge--especially when considering less well-known weaknesses or even unknown vulnerabilities that have not yet been exploited. The authors, understanding the risks posed by new kinds of information security threats, build on previous RAND mitigation techniques by introducing the Vulnerability Assessment and Mitigation (VAM) methodology. The six-step procedure uses a top-down approach to protect against future threats and system failures while mitigating current and past threats and weaknesses. The authors lead evaluators through the procedure of classifying vulnerabilities in their systems' physical, cyber, human/social, and infrastructure elements, and identifying which security techniques can be relevant for these vulnerabilities. The authors also use VAM to break down information compromises into five fundamental components of attack or failure: knowledge, access, target vulnerability, non-retribution, and assessment. In addition, a new automated tool implemented as an Excel spreadsheet is discussed; this tool greatly simplifies using the methodology and emphasizes analysis on cautions, risks, and barriers. | ||
| 588 | 0 | |a Print version record. | |
| 590 | |a JSTOR |b Books at JSTOR Open Access | ||
| 590 | |a JSTOR |b Books at JSTOR All Purchased | ||
| 650 | 0 | |a Computer security. | |
| 650 | 0 | |a Data protection. | |
| 650 | 0 | |a Risk assessment. | |
| 650 | 4 | |a Engineering & Applied Sciences. | |
| 650 | 4 | |a Computer Science. | |
| 650 | 6 | |a Sécurité informatique. | |
| 650 | 6 | |a Protection de l'information (Informatique) | |
| 650 | 6 | |a Évaluation du risque. | |
| 650 | 7 | |a risk assessment. |2 aat | |
| 650 | 7 | |a COMPUTERS |x Internet |x Security. |2 bisacsh | |
| 650 | 7 | |a COMPUTERS |x Networking |x Security. |2 bisacsh | |
| 650 | 7 | |a COMPUTERS |x Security |x General. |2 bisacsh | |
| 650 | 7 | |a TRANSPORTATION |x General. |2 bisacsh | |
| 650 | 7 | |a Computer security |2 fast | |
| 650 | 7 | |a Data protection |2 fast | |
| 650 | 7 | |a Risk assessment |2 fast | |
| 700 | 1 | |a Antón, Philip S. | |
| 710 | 1 | |a United States. |b Defense Advanced Research Projects Agency. | |
| 776 | 0 | 8 | |i Print version: |t Finding and fixing vulnerabilities in information systems. |d Santa Monica, CA : Rand, 2003 |z 0833034340 |w (DLC) 2003012342 |w (OCoLC)52349150 |
| 776 | 0 | 8 | |i Online version: |t Finding and fixing vulnerabilities in information systems. |d Santa Monica, CA : Rand, 2003 |w (OCoLC)1296657985 |
| 830 | 0 | |a Rand note ; |v MR-1601-DARPA. | |
| 856 | 4 | 0 | |u https://jstor.uam.elogim.com/stable/10.7249/mr1601darpa |z Texto completo |
| 880 | 1 | |6 700-00/Thai |a Antโon, Philip S. | |
| 938 | |a Baker & Taylor |b BKTY |c 24.00 |d 24.00 |i 0833034340 |n 0004248472 |s active | ||
| 938 | |a ProQuest Ebook Central |b EBLB |n EBL197482 | ||
| 938 | |a ebrary |b EBRY |n ebr10056172 | ||
| 938 | |a EBSCOhost |b EBSC |n 105337 | ||
| 938 | |a YBP Library Services |b YANK |n 2344704 | ||
| 994 | |a 92 |b IZTAP | ||