towards a taxonomy of Information Assurance (IA)

From: Abe Usher (abe.usher_at_sharp-ideas.net)
Date: 08/26/03

  • Next message: Joel Snyder: "Re: Network IDS"
    Date: Tue, 26 Aug 2003 08:02:57 -0400
    To: focus-ids@securityfocus.com
    
    

    Fellow Information Security Professionals,

    Bottom line: I'd like your help in shaping a usable taxonomy of
    Information Assurance.*

    This taxonomy is part of my graduate studies, and will not be used for
    any commercial purposes. It will remain an "open source" open project.

    I am presently working on creating a taxonomy of information assurance,
    based on the three aspects of:
    (1) Information characteristics
    (2) Information states
    (3) Security countermeasures

    These three aspects of Information Assurance (IA) were highlighted by
    John McCumber [1] as well as a team of West Point researchers [2] as a
    component of works that define an integrated approach to security. I
    have also considered the works of Matt Bishop [3] in how to create a
    useful taxonomy.

    Within the next 6 months, I would like to create a taxonomy that
    graphically depicts the relationships of these three aspects. I will
    use an "open source" model whereby all of my findings & results will be
    posted for public review and revision.

    My intent is that this taxonomy could be used by the academic community,
    industry, and government in improving the precision of communication
    used in discussing information assurance/security topics.

    I have searched the Internet widely for a taxonomy of Information
    Assurance, but I have not found anything that is sufficiently detailed
    for application with real world problems.

    I've posted my initial results to the following URL:

    http://www.sharp-ideas.net/ia/information_assurance.htm

    for comments and peer review.

    Cheers,

    Abe Usher
    abe.usher@sharp-ideas.net

    * Information assurance is defined as "information operations that
    protect and defend information and information systems by ensuring their
    availability, integrity, authentication, confidentiality, and
    non-repudiation. This includes providing for restoration of information
    systems by incorporating protection, detection, and reaction capabilities.

    [1] McCumber, John. "Information Systems Security: A Comprehensive
    Model". Proceedings 14th National Computer Security Conference.
    National Institute of Standards and Technology. Baltimore, MD. October
    1991.

    [2] Maconachy, Victor, Corey Schou, Daniel Ragsdale, and Don Welch. "A
    Model for Information Assurance: An Integrated Approach". Proceedings
    of the 2001 IEEE Workshop on Information Assurance and Security. U.S.
    Military Academy. West Point, NY. June 2001.

    [3] Bishop, Matt. "A Critical Analysis of Vulnerability Taxonomies".
    Department of Computer Science, University of California. Davis, CA.
    September 1996.

    ---------------------------------------------------------------------------
    Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the worldÂ’s premier
    technical IT security event. Modeled after the famous Black Hat event in
    Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.
    Symanetc is the Diamond sponsor. Early-bird registration ends September 6 Visit: www.blackhat.com
    ---------------------------------------------------------------------------


  • Next message: Joel Snyder: "Re: Network IDS"

    Relevant Pages

    • towards a taxonomy of Information Assurance (IA)
      ... Fellow Information Security Professionals, ... This taxonomy is part of my graduate studies, and will not be used for ... I am presently working on creating a taxonomy of information assurance, ... availability, integrity, authentication, confidentiality, and ...
      (Incidents)
    • towards a taxonomy of Information Assurance (IA)
      ... Fellow Information Security Professionals, ... This taxonomy is part of my graduate studies, and will not be used for ... I am presently working on creating a taxonomy of information assurance, ... availability, integrity, authentication, confidentiality, and ...
      (Security-Basics)
    • [Full-Disclosure] towards a taxonomy of Information Assurance (IA)
      ... Fellow Information Security Professionals, ... This taxonomy is part of my graduate studies, and will not be used for ... I am presently working on creating a taxonomy of information assurance, ... availability, integrity, authentication, confidentiality, and ...
      (Full-Disclosure)
    • towards a taxonomy of Information Assurance (IA)
      ... Fellow Information Security Professionals, ... This taxonomy is part of my graduate studies, and will not be used for ... I am presently working on creating a taxonomy of information assurance, ...
      (Pen-Test)
    • towards a taxonomy of Information Assurance (IA)
      ... Fellow Information Security Professionals, ... This taxonomy is part of my graduate studies, and will not be used for ... I am presently working on creating a taxonomy of information assurance, ... asynchronous, real-time replication, to deliver disaster recovery, data ...
      (NT-Bugtraq)