A Practical Guide to Security Engineering and Information Assurance


By: Debra S. Herrmann (author), Hardback



Today the vast majority of the world's information resides in, is derived from, and is exchanged among multiple automated systems. Critical decisions are made, and critical action is taken, based on information from these systems. Therefore, the information must be accurate, correct, and timely, and be manipulated, stored, retrieved, and exchanged safely, reliably, and securely. In a time when information is considered the latest commodity, information security should be a top priority.

A Practical Guide to Security Engineering and Information Assurance gives you an engineering approach to information security and information assurance (IA). The book examines the impact of accidental and malicious intentional action and inaction on information security and IA. Innovative long-term vendor, technology, and application-independent strategies show you how to protect your critical systems and data from accidental and intentional action and inaction that could lead to system failure or compromise.

The author presents step-by-step, in-depth processes for defining information security and assurance goals, performing vulnerability and threat analysis, implementing and verifying the effectiveness of threat control measures, and conducting accident and incident investigations. She explores real-world strategies applicable to all systems, from small systems supporting a home-based business to those of a multinational corporation, government agency, or critical infrastructure system.

The information revolution has brought its share of risks. Exploring the synergy between security, safety, and reliability engineering, A Practical Guide to Security Engineering and Information Assurance consolidates and organizes current thinking about information security/IA techniques, approaches, and best practices. As this book will show you, there is considerably more to information security/IA than firewalls, encryption, and virus protection.



  • Introduction: Background; Purpose; Scope; Intended Audience; Organization
  • What is Information Assurance, How Does it Relate to Information Security, and Why Are Both Needed?: Definition; Application Domains; Technology Domains; Importance; Stakeholders; Summary; Discussion Problems
  • Historical Approaches to Information Security and Information Assurance: Physical Security; Communications Security (COMSEC); Computer Security (COMPUSEC); Information Security (INFOSEC); Operations Security (OPSEC); System Safety; System Reliability; Summary; Discussion Problems
  • Define the System Boundaries: Determine What is Being Protected and Why; Identify the System; Characterize System Operation; Ascertain What You Do/Do Not Have Control Over; Summary; Discussion Problems
  • Perform Vulnerability and Threat Analyses: Definitions; Select/Use IA Analysis Techniques; Identify Vulnerabilities, Their Type, Source, and Severity; Identify Threats, Their Type, Source, and Likelihood; Evaluate Transaction Paths, Critical Threat Zones, and Risk Exposure; Summary; Discussion Problems
  • Implement Threat Control Measures: Determine How Much Protection is Needed; Operational Procedures, In-Service Considerations, Controllability; Contingency Planning and Disaster Recovery; Perception Management; Select/Implement IA Design Features and Techniques; Summary; Discussion Problems
  • Verify Effectiveness of Threat Control Measures: Select/Employ IA Verification Techniques; Determine Residual Risk; Monitor Ongoing Risk Exposure, Responses, and Survivability; Summary; Discussion Problems
  • Conduct Accident/Incident Investigations: Introduction; Analyze Cause, Extent, and Consequences of Failure/Compromise; Initiate Short-term Recovery Mechanisms; Report Accident/Incident; Deploy Long-term Remedial Measures; Evaluate Legal Issues; Summary; Discussion Problems
  • Annex A - Glossary of Terms
  • Annex B - Glossary of Techniques
  • Annex C - Additional Resources
  • Annex D - Summary of the components, activities, and tasks of an effective information security/IA program
  • Index

Product Details

  • publication date: 18/10/2001
  • ISBN13: 9780849311635
  • Format: Hardback
  • Number Of Pages: 408
  • ID: 9780849311635
  • weight: 929
  • ISBN10: 0849311632
