1st Edition

Building A Global Information Assurance Program

    424 Pages 73 B/W Illustrations
    by Auerbach Publications

    Governments, their agencies, and businesses are perpetually battling to protect valuable, classified, proprietary, or sensitive information but often find that the restrictions imposed upon them by information security policies and procedures have significant, negative impacts on their ability to function. These government and business entities are beginning to realize the value of information assurance (IA) as a tool to ensure that the right information gets to the right people, at the right time, with a reasonable expectation that it is timely, accurate, authentic, and uncompromised.

    Intended for those interested in the construction and operation of an IA or Information Security (InfoSec) program, Building a Global Information Assurance Program describes the key building blocks of an IA development effort including:

  • Information Attributes
  • System Attributes
  • Infrastructure or Architecture
  • Interoperability
  • IA Tools
  • Cognitive Hierarchies
  • Decision Cycles
  • Organizational Considerations
  • Operational Concepts

    Because of their extensive and diverse backgrounds, the authors bring a unique perspective to current IT issues. The text presents their proprietary process based on the systems development life cycle (SDLC) methodology specifically tailored for an IA program. This process is a structured, cradle-to-grave approach to IA program development, from program planning and design to implementation, support, and phase out. Building a Global Information Assurance Program provides a proven series of steps and tasks that you can follow to build quality IA programs faster, at lower costs, and with less risk.

    INTRODUCTION TO INFORMATION ASSURANCE (IA)
    Authentication
    Confidentiality
    Non-repudiation

    BASIC CONCEPTS
    Attributes
    Information Attributes
    Pure Information Attributes
    Attributes Influenced by the System
    System Attributes
    Security Attributes
    Information System Support Planning Principles
    The Bottom Line, Revisited
    Information Assurance (IA)
    Commercial Capabilities
    Security
    Network Views
    Risk Management
    Cognitive Hierarchy
    Types of Logic
    Summary

    RISK, THREAT AND VULNERABILITY

    OVERVIEW OF SYSTEMS ENGINEERING
    A Systems Engineering Case Study
    Case Study Background
    The Mission
    The Goal
    An Approach Toward A Solution
    Case Tools: A Means of Managing Architectural Information
    The Current Process
    Maritime Strategy
    The Threat
    Top Level Warfare Requirements (TLWRs)
    Architecture: A System Description
    Assessment: How Well Does It Fulfill Requirements?
    Shortfalls and Overlaps: Identifying Strengths and Weaknesses
    Architectural Options: Making the Right Choices
    The Proposed Process
    Architecture Development
    Architectural Principles
    Mission Requirements Analysis
    Functional Analysis
    Operational Functions
    System Functions
    Requirements Allocation
    Assessment of the Current Architecture
    Identification of Shortfalls and Overlaps
    Development of Architectural Options
    Assessment of Options
    Proposed New (Notional) Architecture
    System Synthesis
    The Need for Maintaining Up-to-Date Documentation
    Summary

    IA TASK FORCE
    Requirements Analysis
    Functional Analysis
    Evaluation and Decision
    System Synthesis
    Documentation
    Concluding Chapter Remarks

    REQUIREMENTS
    Beginnings
    The Object-Oriented Paradigm
    Summary

    DESIGN
    Operational Design Considerations
    Technology Design Considerations
    Business Continuity Design Considerations
    Concluding Remarks for this Chapter

    IMPLEMENTATION AND TESTING
    IATP Defined
    Requirement for an IATP
    Management's Role
    Disruption of Service Caused by IATP Implementation
    IATP Development
    Critical Elements of the IATP
    Preliminary Planning: Test Requirements
    Test Team
    Preparatory Actions: Test Methodology
    Chapter Concluding Remarks

    IA LIFE CYCLE SUPPORT AND OPERATIONAL CONSIDERATIONS
    The Information Assurance Life Cycle Methodology
    Concluding Remarks for This Section

    THE INFORMATION ASSURANCE CENTER
    Introduction
    Overview of the Naval Aviation Safety Program
    Findings
    Recommendations
    The National Defense Industrial Association (NDIA) IAC Concept: A Closing Note

    AUTOMATED TOOLS
    Internal Vulnerability Scanning/Auditing Tools
    Patches and Replacements
    Password Enhancing Tools/Authentication and System Security Tools
    Password Breaking Tools
    Access Control Tools
    Logging Tools
    Logging Utilities
    Intrusion Detection Tools/Network Monitoring Tools
    System Status Reporting Tools
    Mail Security Tools
    Packet Filtering Tools
    Firewall Tools
    Real-Time Attack Response Tools
    Encryption Tools
    Host Configuration Tools
    Anti-Virus Tools
    Cryptographic Checksum Tools
    Miscellaneous Tools
    Visualization Tools
    I'm Going to Break in and Compromise Your Information
    A Sampling of Software Tools that Attackers Use

    SUMMARY
    Conclusions and Recommendations
    Future Work

    ABOUT THE AUTHORS
    APPENDIXES
    Acronyms
    Glossary
    Links
    References
    Index

    Biography

    Raymond J Curts (Strategic Consulting, Fairfax Station, Virginia, USA) (Author), Douglas E Campbell (Syneca Research Group Inc., Fairfax, Virginia, USA) (Author)