Information Security News: Re: towards a taxonomy of Information Assurance

Re: towards a taxonomy of Information Assurance

From: InfoSec News <isn_at_c4i.org>
Date: Wed, 27 Aug 2003 11:03:58 -0500 (CDT)

Forwarded from: Freddie Beaver <frebea44_at_earthlink.net>

ok, Mark, please be kind to academia :-)

Academic research needs to take the obvious, scrutinize it to pieces,
and attempt to statistically validate it or hopefully find a
questionable flaw that will give fodder for a dissertation or
tenure-required publishing. In this process someone may actually
"improve the wheel".

I side with you on the fact that practitioners don't need to spend
time creating their own taxonomies when CC, Cobit, etc. are available,
but the academics are required to. I should know, I've been on all
three sides of the fence: academia, corporate, and defense!

FYI for all: I'm looking into doing a statistical (scientific)
validation of Cobit. If anyone knows of any pre-existing studies or
survey instruments related to it, I would appreciate the feedback.

Beav

Freddie E. Beaver
6167 Lakefront Dr. N.
Horn Lake, MS 38637
Home: (662) 781-2161
Cell: (901) 438-4805
Email: frebea44_at_earthlink.net
----- Original Message -----
From: "InfoSec News" <isn_at_c4i.org>
To: <isn_at_attrition.org>
Sent: Tuesday, August 26, 2003 7:51 AM
Subject: Re: [ISN] towards a taxonomy of Information Assurance

> Forwarded from: Mark Bernard <mbernard_at_nbnet.nb.ca>
>
> Dear Associates,
>
> Here we go again, some pointy heads have an idea!! Wow!
>
> Sorry guys, systems assurance reviews have already been pioneered so
> why are we spending time creating a taxonomy like we just discovered
> something?
>
> Systems assurance is based on two elements, they are as follows;
>
> (1). (POLICY); Compliance with security standards as directed by
> corporate information security policy. This also takes into
> consideration legislation and industry best practices.
>
> (2). (STANDARDS): Trusted Computer System Evaluation Criteria (TCSEC)/
> Orange Book, Information Technology Security Evaluation Criteria
> (ITSEC), and/or the combination of both known as the Common Criteria.
> You can also check out Control Objectives for Information and Related
> Technology (COBiT) at www.isaca.org
>
>
> I can tell you that most organizations prefer to do their own
> evaluations, so COBiT is perfect because it provides a framework for
> Self-Review Assessments.
>
> http://www.isaca.org/template.cfm?Section=COBIT6
>
>
> http://www.isaca.org/Template.cfm?Section=Assurance&Template=/TaggedPage/TaggedPageDisplay.cfm&TPLID=19&ContentID=8746
>
>
> Next!!
>
> Best regards,
> Mark. E. S. Bernard, CISM,
>
>
> ----- Original Message -----
> From: "InfoSec News" <isn_at_c4i.org>
> To: <isn_at_attrition.org>
> Sent: Monday, August 25, 2003 4:38 AM
> Subject: [ISN] towards a taxonomy of Information Assurance
>
>
> > Forwarded from: Abe Usher <abe.usher_at_sharp-ideas.net>
> >
> > Information Security Professionals at ISN,
> >
> > Bottom line: I'd like your help in shaping a usable taxonomy of
> > Information Assurance.*
> >
> > I am presently working on creating a taxonomy of information assurance,
> > based on the three aspects of:
> > (1) Information characteristics
> > (2) Information states
> > (3) Security countermeasures
> >
> > These three aspects of Information Assurance (IA) were highlighted by
> > John McCumber [1] as well as a team of West Point researchers [2] as a
> > component of works that define an integrated approach to security.
> >
> > Within the next 6 months, I would like to create a taxonomy that
> > graphically depicts the relationships of these three aspects.
> >
> > My intent is that this taxonomy could be used by the academic community,
> > industry, and government in improving the precision of communication
> > used in discussing information assurance/security topics.
> >
> > I have searched the Internet widely for a taxonomy of Information
> > Assurance, but I have not found anything that is sufficiently detailed
> > for application with real world problems.
> >
> > I've posted my initial results to the following URL:
> >
> > http://www.sharp-ideas.net/ia/information_assurance.htm
> >
> > for comments and peer review.
> >
> > Cheers,
> >
> > Abe Usher
> > abe.usher_at_sharp-ideas.net
> >
> >
> > * Information assurance is defined as "information operations that
> > protect and defend information and information systems by ensuring
> > their availability, integrity, authentication, confidentiality,
> > and non-repudiation. This includes providing for restoration of
> > information systems by incorporating protection, detection, and
> > reaction capabilities."
> >
> > [1] McCumber, John. "Information Systems Security: A Comprehensive
> > Model". Proceedings 14th National Computer Security Conference.
> > National Institute of Standards and Technology. Baltimore, MD.
> > October 1991.
> >
> > [2] Maconachy, Victor, Corey Schou, Daniel Ragsdale, and Don Welch. "A
> > Model for Information Assurance: An Integrated Approach". Proceedings
> > of the 2001 IEEE Workshop on Information Assurance and Security.
> > U.S. Military Academy. West Point, NY. June 2001.

Received on Aug 28 2003