skip to content
Finding and fixing vulnerabilities in information systems : the vulnerability assessment & mitigation methodology Preview this item
ClosePreview this item
Checking...

Finding and fixing vulnerabilities in information systems : the vulnerability assessment & mitigation methodology

Author: Antโon, Philip S. ; ; Philip S Antón; United States. Defense Advanced Research Projects Agency.
Publisher: Santa Monica, CA : Rand, 2003.
Series: Rand note, MR-1601-DARPA.
Edition/Format:   eBook : Document : EnglishView all editions and formats
Database:WorldCat
Summary:
Understanding an organization's reliance on information systems and how to mitigate the vulnerabilities of these systems can be an intimidating challenge--especially when considering less well-known weaknesses or even unknown vulnerabilities that have not yet been exploited. The authors, understanding the risks posed by new kinds of information security threats, build on previous RAND mitigation techniques by  Read more...
Rating:

(not yet rated) 0 with reviews - Be the first.

Subjects
More like this

 

Find a copy online

Links to this item

Find a copy in the library

&AllPage.SpinnerRetrieving; Finding libraries that hold this item...

Details

Genre/Form: Electronic books
Additional Physical Format: Print version:
Finding and fixing vulnerabilities in information systems.
Santa Monica, CA : Rand, 2003
(DLC) 2003012342
(OCoLC)52349150
Material Type: Document, Internet resource
Document Type: Internet Resource, Computer File
All Authors / Contributors: Antโon, Philip S. ; ; Philip S Antón; United States. Defense Advanced Research Projects Agency.
ISBN: 0833035991 9780833035998 0833034340 9780833034342
OCLC Number: 55202642
Description: 1 online resource (xxvi, 117 pages) : illustrations.
Contents: Introduction --
Concepts and Definitions --
VAM Methodology and Other DoD Practices in Risk Assessment --
Vulnerability Attributes of System Objects --
Direct and Indirect Security Techniques --
Generating Security Options for Vulnerabilities --
Automating and Executing the Methodology: A Spreadsheet Tool --
Next Steps and Discussion --
Summary and Conclusions --
Appendix: Vulnerability to Mitigation Map Values.
Series Title: Rand note, MR-1601-DARPA.
Other Titles: Vulnerability assessment & mitigation methodology
Vulnerability assessment and mitigation methodology
Responsibility: Philip S. Anton [and others] ; prepared for the Defense Advanced Research Projects Agency.

Abstract:

Introduces the Vulnerability Assessment and Mitigation methodology, which guides its users through a comprehensive review of vulnerabilities across all aspects of information systems.  Read more...

Reviews

User-contributed reviews
Retrieving GoodReads reviews...
Retrieving DOGObooks reviews...

Tags

Be the first.
Confirm this request

You may have already requested this item. Please select Ok if you would like to proceed with this request anyway.

Linked Data


<http://www.worldcat.org/oclc/55202642>
library:oclcnum"55202642"
library:placeOfPublication
library:placeOfPublication
owl:sameAs<info:oclcnum/55202642>
rdf:typeschema:Book
schema:about
schema:about
schema:about
schema:about
schema:about
schema:about
schema:about
schema:about
schema:about
schema:about
schema:about
schema:bookFormatschema:EBook
schema:contributor
schema:contributor
<http://viaf.org/viaf/132454617>
rdf:typeschema:Organization
schema:name"United States. Defense Advanced Research Projects Agency."
schema:datePublished"2003"
schema:description"Understanding an organization's reliance on information systems and how to mitigate the vulnerabilities of these systems can be an intimidating challenge--especially when considering less well-known weaknesses or even unknown vulnerabilities that have not yet been exploited. The authors, understanding the risks posed by new kinds of information security threats, build on previous RAND mitigation techniques by introducing the Vulnerability Assessment and Mitigation (VAM) methodology. The six-step procedure uses a top-down approach to protect against future threats and system failures while mitigating current and past threats and weaknesses. The authors lead evaluators through the procedure of classifying vulnerabilities in their systems' physical, cyber, human/social, and infrastructure elements, and identifying which security techniques can be relevant for these vulnerabilities. The authors also use VAM to break down information compromises into five fundamental components of attack or failure: knowledge, access, target vulnerability, non-retribution, and assessment. In addition, a new automated tool implemented as an Excel spreadsheet is discussed; this tool greatly simplifies using the methodology and emphasizes analysis on cautions, risks, and barriers."@en
schema:description"Introduction -- Concepts and Definitions -- VAM Methodology and Other DoD Practices in Risk Assessment -- Vulnerability Attributes of System Objects -- Direct and Indirect Security Techniques -- Generating Security Options for Vulnerabilities -- Automating and Executing the Methodology: A Spreadsheet Tool -- Next Steps and Discussion -- Summary and Conclusions -- Appendix: Vulnerability to Mitigation Map Values."@en
schema:exampleOfWork<http://worldcat.org/entity/work/id/793918406>
schema:genre"Electronic books."@en
schema:inLanguage"en"
schema:name"Finding and fixing vulnerabilities in information systems the vulnerability assessment & mitigation methodology"@en
schema:name"Vulnerability assessment and mitigation methodology"@en
schema:name"Vulnerability assessment & mitigation methodology"@en
schema:publisher
schema:url<http://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&db=nlabk&AN=105337>
schema:url<http://books.google.com/books?id=fOcTAQAAMAAJ>
schema:url<http://www.jstor.org/stable/10.7249/MR1601DARPA>
schema:url<http://public.eblib.com/EBLPublic/PublicView.do?ptiID=197482>
schema:url<http://site.ebrary.com/id/10056172>
schema:url
schema:workExample
schema:workExample

Content-negotiable representations

Close Window

Please sign in to WorldCat 

Don't have an account? You can easily create a free account.