Fr. 115.70

System Assurance - Beyond Detecting Vulnerabilities

English · Paperback / Softback

New edition in preparation, currently unavailable

Description


System assurance tools go beyond detecting vulnerabilities - they provide evidence to support the claim that the system is secure. This title provides end-to-end methodology for systematic, repeatable, and affordable System Assurance. It includes an overview of OMG Software Assurance Ecosystem protocols.

List of contents

Contents
1. Why Hackers know more about our systems
1.1 Operating in cyberspace involves risks
1.2 Why Hackers are repeatedly successful
1.2.1 What are the challenges in defending cybersystems?
1.2.1.1 Difficulties in understanding and assessing risks
1.2.1.2 Understanding Development Trends
1.2.1.3 Comprehending Systems' Complexity
1.2.1.4 Understanding Assessment Practices and their Limitations
1.2.1.5 Vulnerability Scanning Technologies and their Issues
1.3 Where do We Go from Here
1.3.1 Systematic and repeatable defense at affordable cost
1.3.2 The OMG Software Assurance Ecosystem
1.3.3 Linguistic Modeling to manage the common vocabulary
1.4 Who should read this book
2 Chapter: Confidence as a Product
2.1 Are you confident that there is no black cat in the dark room?
2.2 The Nature of Assurance
2.2.1 Engineering, Risk and Assurance
2.2.2 Assurance Case (AC)
2.2.2.1 Contents of an Assurance Case
2.2.2.2 Structure of the Assurance Argument
2.3 Overview of the Assurance Process
2.3.1 Producing Confidence
2.3.1.1 Economics of Confidence
3 Chapter: How to Build Confidence
3.1 Assurance in the System Lifecycle
3.2 Activities of System Assurance Process
3.2.1 Project Definition
3.2.2 Project Preparation
3.2.3 Assurance argument development
3.2.4 Architecture Security Analysis
3.2.4.1 Discover System Facts
3.2.4.2 Threat identification
3.2.4.3 Safeguard Identification
3.2.4.4 Vulnerability detection
3.2.4.5 Security Posture Analysis
3.2.5 Evidence analysis
3.2.6 Assurance Case Delivery
4 Chapter: Knowledge of System as an Element in Cybersecurity argument
4.1 What is a system
4.2 Boundaries of the system
4.3 Resolution of the system description
4.4 Conceptual commitment for system descriptions
4.5 System architecture
4.6 Example of an architecture framework
4.7 Elements of System
4.8 System Knowledge Involves Multiple Viewpoints
4.9 Concept of operations (CONOP)
4.10 Network Configuration
4.11 System life cycle and assurance
4.11.1 System life cycle stages
4.11.2 Enabling Systems
4.11.3 Supply Chain
4.11.4 System life cycle processes
4.11.5 The implications to the common vocabulary and the integrated system model
5 Chapter: Knowledge of Risk as an Element of Cybersecurity argument
5.1 Introduction
5.2 Basic cybersecurity elements
5.3 Common vocabulary for risk analysis
5.3.1 Defining discernable vocabulary for Assets
5.3.2 Threats and hazards
5.3.3 Defining discernable vocabulary for Injury and Impact
5.3.4 Defining discernable vocabulary for threats
5.3.5 Threat scenarios and attacks
5.3.6 Defining discernable vocabulary for vulnerabilities
5.3.7 Defining discernable vocabulary for safeguards
5.3.8 Risk
5.4 Systematic Threat Identification
5.5 Assurance Strategies
5.5.1 Injury Argument
5.5.2 Entry point argument
5.5.3 Threat argument
5.5.4 Vulnerability argument
5.5.5 Security requirement argument
5.5.6 Assurance of the threat identification
6 Chapter: Knowledge of Vulnerabilities as an Element of Cybersecurity Argument
6.1 Vulnerability as part of system knowledge
6.1.1 What is Vulnerability
6.1.2 Vulnerability as Unit of Knowledge: The History of Vulnerability
6.1.3 Vulnerabilities and the Phases of the System Life Cycle
6.1.4 Enumeration of Vulnerabilities as a Knowledge Product
6.1.5 Vulnerability Databases
6.1.5.1 US-CERT
6.1.5.2 Open Source Vulnerability Database (OSVDB)
6.1.6 Vulnerability Life Cycle
6.2 NIST Security Content Automation

Report

"The Object Management Group (OMG) Software Assurance Ecosystem described in this book is a significant step towards collaborative cyber security automation; it offers a standards-based solution for building security and resilience in computer systems." --Joe Jarzombek, Director for Software Assurance, Global Cyber Security Management, National Cyber Security Division, Department of Homeland Security
"System Assurance is a very complex and difficult subject. This book successfully demonstrates and describes in detail how to combine different existing tools together in order to systematically develop System Assurance documentation and justification in a practical manner for a specific domain. The book provides very useful practical guidance that can be used by technical and management practitioners for the specific domain described, and by example for others for different domains." --John P. Hopkinson, Security Strategist, Kwictech
