1st Edition
Building A Global Information Assurance Program
Governments, their agencies, and businesses are perpetually battling to protect valuable, classified, proprietary, or sensitive information but often find that the restrictions imposed upon them by information security policies and procedures have significant, negative impacts on their ability to function. These government and business entities are beginning to realize the value of information assurance (IA) as a tool to ensure that the right information gets to the right people, at the right time, with a reasonable expectation that it is timely, accurate, authentic, and uncompromised.
Intended for those interested in the construction and operation of an IA or Information Security (InfoSec) program, Building a Global Information Assurance Program describes the key building blocks of an IA development effort including:
Because of their extensive and diverse backgrounds, the authors bring a unique perspective to current IT issues. The text presents their proprietary process based on the systems development life cycle (SDLC) methodology specifically tailored for an IA program. This process is a structured, cradle-to-grave approach to IA program development, from program planning and design to implementation, support, and phase out. Building a Global Information Assurance Program provides a proven series of steps and tasks that you can follow to build quality IA programs faster, at lower costs, and with less risk.
Authentication
Confidentiality
Non-repudiation
BASIC CONCEPTS
Attributes
Information Attributes
Pure Information Attributes
Attributes Influenced by the System
System Attributes
Security Attributes
Information System Support Planning Principles
The Bottom Line, Revisited
Information Assurance (IA)
Commercial Capabilities
Security
Network Views
Risk Management
Cognitive Hierarchy
Types of Logic
Summary
RISK, THREAT AND VULNERABILITY
OVERVIEW OF SYSTEMS ENGINEERING
A Systems Engineering Case Study
Case Study Background
The Mission
The Goal
An Approach Toward A Solution
Case Tools: A Means of Managing Architectural Information
The Current Process
Maritime Strategy
The Threat
Top Level Warfare Requirements (TLWRs)
Architecture: A System Description
Assessment: How Well Does It Fulfill Requirements?
Shortfalls and Overlaps: Identifying Strengths and Weaknesses
Architectural Options: Making the Right Choices
The Proposed Process
Architecture Development
Architectural Principles
Mission Requirements Analysis
Functional Analysis
Operational Functions
System Functions
Requirements Allocation
Assessment of the Current Architecture
Identification of Shortfalls and Overlaps
Development of Architectural Options
Assessment of Options
Proposed New (Notional) Architecture
System Synthesis
The Need for Maintaining Up-to-Date Documentation
Summary
IA TASK FORCE
Requirements Analysis
Functional Analysis
Evaluation and Decision
System Synthesis
Documentation
Concluding Chapter Remarks
REQUIREMENTS
Beginnings
The Object-Oriented Paradigm
Summary
DESIGN
Operational Design Considerations
Technology Design Considerations
Business Continuity Design Considerations
Concluding Remarks for this Chapter
IMPLEMENTATION AND TESTING
IATP Defined
Requirement for an IATP
Management's Role
Disruption of Service Caused by IATP Implementation
IATP Development
Critical Elements of the IATP
Preliminary Planning: Test Requirements
Test Team
Preparatory Actions: Test Methodology
Chapter Concluding Remarks
IA LIFE CYCLE SUPPORT AND OPERATIONAL CONSIDERATIONS
The Information Assurance Life Cycle Methodology
Concluding Remarks for This Section
THE INFORMATION ASSURANCE CENTER
Introduction
Overview of the Naval Aviation Safety Program
Findings
Recommendations
The National Defense Industrial Association (NDIA) IAC Concept: A Closing Note
AUTOMATED TOOLS
Internal Vulnerability Scanning/Auditing Tools
Patches and Replacements
Password Enhancing Tools/Authentication and System Security Tools
Password Breaking Tools
Access Control Tools
Logging Tools
Logging Utilities
Intrusion Detection Tools/Network Monitoring Tools
System Status Reporting Tools
Mail Security Tools
Packet Filtering Tools
Firewall Tools
Real-Time Attack Response Tools
Encryption Tools
Host Configuration Tools
Anti-Virus Tools
Cryptographic Checksum Tools
Miscellaneous Tools
Visualization Tools
I'm Going to Break in and Compromise Your Information
A Sampling of Software Tools that Attackers Use
SUMMARY
Conclusions and Recommendations
Future Work
ABOUT THE AUTHORS
APPENDIXES
Acronyms
Glossary
Links
References
Index
Biography
Raymond J Curts (Strategic Consulting, Fairfax Station, Virginia, USA) (Author) , Douglas E Campbell (Syneca Research Group Inc., Fairfax, Virginia, USA) (Author)