Re: towards a taxonomy of Information Assurance (IA)
From: Meritt James (meritt_james_at_bah.com)
Date: 08/27/03
- Previous message: Rob Shein: "RE: Increasing ICMP Echo Requests"
- In reply to: Abe Usher: "towards a taxonomy of Information Assurance (IA)"
Date: Wed, 27 Aug 2003 11:52:26 -0400
To: Abe Usher <abe.usher@sharp-ideas.net>
You may wish to look into the structure/form/organization of MITRE's CVE
library. The Common Vulnerabilities and Exposures home page is at
http://www.cve.mitre.org/
Jim
Abe Usher wrote:
>
> Fellow Information Security Professionals,
>
> Bottom line: I'd like your help in shaping a usable taxonomy of
> Information Assurance.*
>
> This taxonomy is part of my graduate studies, and will not be used for
> any commercial purposes. It will remain an "open source" open project.
>
> I am presently working on creating a taxonomy of information assurance,
> based on the three aspects of:
> (1) Information characteristics
> (2) Information states
> (3) Security countermeasures
>
> These three aspects of Information Assurance (IA) were highlighted by
> John McCumber [1] as well as a team of West Point researchers [2] as a
> component of works that define an integrated approach to security. I
> have also considered the works of Matt Bishop [3] in how to create a
> useful taxonomy.
>
> Within the next 6 months, I would like to create a taxonomy that
> graphically depicts the relationships of these three aspects. I will
> use an "open source" model whereby all of my findings & results will be
> posted for public review and revision.
>
> My intent is that this taxonomy could be used by the academic community,
> industry, and government in improving the precision of communication
> used in discussing information assurance/security topics.
>
> I have searched the Internet widely for a taxonomy of Information
> Assurance, but I have not found anything that is sufficiently detailed
> for application with real world problems.
>
> I've posted my initial results to the following URL:
>
> http://www.sharp-ideas.net/ia/information_assurance.htm
>
> for comments and peer review.
>
> Cheers,
>
> Abe Usher
> abe.usher@sharp-ideas.net
>
> * Information assurance is defined as "information operations that
> protect and defend information and information systems by ensuring their
> availability, integrity, authentication, confidentiality, and
> non-repudiation. This includes providing for restoration of information
> systems by incorporating protection, detection, and reaction capabilities."
>
> [1] McCumber, John. "Information Systems Security: A Comprehensive
> Model". Proceedings 14th National Computer Security Conference.
> National Institute of Standards and Technology. Baltimore, MD. October
> 1991.
>
> [2] Maconachy, Victor, Corey Schou, Daniel Ragsdale, and Don Welch. "A
> Model for Information Assurance: An Integrated Approach". Proceedings
> of the 2001 IEEE Workshop on Information Assurance and Security. U.S.
> Military Academy. West Point, NY. June 2001.
>
> [3] Bishop, Matt. "A Critical Analysis of Vulnerability Taxonomies".
> Department of Computer Science, University of California. Davis, CA.
> September 1996.
>
--
James W. Meritt CISSP, CISA
Booz | Allen | Hamilton
phone: (410) 684-6566