Finding and fixing vulnerabilities in information systems : the vulnerability assessment & mitigation methodology /

Understanding an organization's reliance on information systems and how to mitigate the vulnerabilities of these systems can be an intimidating challenge--especially when considering less well-known weaknesses or even unknown vulnerabilities that have not yet been exploited. The authors, unders...

Bibliographic Details
Online Access: Access full-text online via JSTOR
Corporate Author: United States. Defense Advanced Research Projects Agency
Other authors / contributors: Antón, Philip S.
Imprint: Santa Monica, CA : Rand, 2003.
Format: Electronic
Language: English
Subjects:
Series: Rand note ; MR-1601-DARPA.
Table of Contents:
  • Introduction
  • Concepts and definitions
  • VAM methodology and other DoD practices in risk assessment
  • Vulnerability attributes of system objects
  • Direct and indirect security techniques
  • Generating security options for vulnerabilities
  • Automating and executing the methodology: a spreadsheet tool
  • Next steps and discussion
  • Summary and conclusions
  • Appendix: Vulnerability to mitigation map values.