Information Security Science: Measuring the Vulnerability to Data Compromises
Author: Young Carl
Information Security Science: Measuring the Vulnerability to Data Compromises provides the scientific background and analytic techniques to understand and measure the risk associated with information security threats. This is not a traditional IT security book since it includes methods of information compromise that are not typically addressed in textbooks or journals.
In particular, it explores the physical nature of information security risk, and in so doing exposes subtle, yet revealing, connections between information security, physical security, information technology, and information theory. This book is also a practical risk management guide, as it explains the fundamental scientific principles that are directly relevant to information security, specifies a structured methodology to evaluate a host of threats and attack vectors, identifies unique metrics that point to root causes of technology risk, and enables estimates of the effectiveness of risk mitigation.
This book is the definitive reference for scientists and engineers with no background in security, and is ideal for security analysts and practitioners who lack scientific training. Importantly, it provides security professionals with the tools to prioritize information security controls and thereby develop cost-effective risk management strategies.
Part I: Threats, risk and risk assessments
Chapter 1: Information Security Threats and Risk
Chapter 2: Modeling Information Security Risk
Part II: Scientific fundamentals
Chapter 3: Physics and Information Security
Chapter 4: Electromagnetic Waves
Chapter 5: Noise, Interference, and Emanations
Part III: The compromise of signals
Chapter 6: Signals and Information Security
Chapter 7: The Compromise of Electromagnetic Signals
Chapter 8: Countermeasures to Electromagnetic Signal Compromises
Chapter 9: Visual Information Security
Chapter 10: Audible Information Security
Part IV: Information technology risk
Chapter 11: Information Technology Risk Factors
Chapter 12: Information Technology Risk Measurements and Metrics
Chapter 13: Special Information Technology Risk Measurements and Metrics
Part V: The physical security of information assets
Chapter 14: Physical Security Controls
Chapter 15: Data Centers: A Concentration of Information Security Risk
Information Security professionals and students, Physical Security professionals and students
- Specifies the analytic and scientific methods necessary to estimate the vulnerability to information loss for a spectrum of threats and attack vectors
- Represents a unique treatment of the nexus between physical and information security that includes risk analyses of IT device emanations, visible information, audible information, physical information assets, and virtualized IT environments
- Identifies metrics that point to the root cause of information technology risk and thereby assist security professionals in developing risk management strategies
- Analyzes numerous threat scenarios and specifies countermeasures based on derived quantitative metrics
- Provides chapter introductions and end-of-chapter summaries to enhance the reader’s experience and facilitate an appreciation for key concepts
Publication date: 06-2016
Book of 406 pages
19x23.4 cm
Keywords:
affiliation; antennae; attack anatomy; attack parameters; attackers; audible noise; audible signal detection; audible signal propagation; audible signal shielding; authentication; authorization; broadband signal detection; business practices; computer digital display interface; constructive and destructive interference; correlation measurements and metrics; data center; decibel; density; diffraction; electric field; electromagnetic fields; electromagnetic interference (EMI); electromagnetic pulse; electromagnetic shielding; electromagnetic threat; emanation security limit; emanations; exponential growth and decay; flux; flux generator; Fourier analysis; gain; grounding to reduce emanations; hypervisor; impact; information security policies; information technology implementation; information technology risk measurements; information technology standards; information theory; keyboard emanations; lenses; likelihood; linearity; logarithm; logistic growth; magnetic field; magnetic shielding; Markov models; Maxwell's equations; metrics; metrics criteria; modulation; nonlinearity; optical attacks; optical equipment; optics; organizational culture; parametric scaling; password resilience; physical security strategy; point sources of radiating energy; probability distributions; radiating circuits; resolution limit; resonance; risk; risk assessment; risk factors; risk factors for signal compromise; scale-free distribution; security governance; shot noise; signal attenuation; signal averaging; spatiotemporal risk measurements and metrics; technical surveillance countermeasures; telescopes; the Fourier transform; the NIST Cybersecurity Framework; the physical security of information assets; the probability of protection; thermal noise; threat; user behavior; vectors; Virtual Machine Manager (VMM); virtualization; visual information; vulnerability; wave energy and power; waves