Re: [ISN] towards a taxonomy of Information Assurance

From: InfoSec News (isnc4i.org)
Date: Tue Aug 26 2003 - 07:51:35 CDT


Forwarded from: Mark Bernard <mbernardnbnet.nb.ca>

Dear Associates,

Here we go again, some pointy heads have an idea!! Wow!

Sorry guys, systems assurance reviews have already been pioneered so
why are we spending time creating a taxonomy like we just discovered
something?

Systems assurance is based on two elements; they are as follows:

(1). (POLICY): Compliance with security standards as directed by
corporate information security policy. This also takes into
consideration legislation and industry best practices.

(2). (STANDARDS): Trusted Computer System Evaluation Criteria (TCSEC)/
Orange Book, Information Technology Security Evaluation Criteria
(ITSEC), and/or the combination of both known as the Common Criteria.
You can also check out Control Objectives for Information and Related
Technology (COBiT) at www.isaca.org.

I can tell you that most organizations prefer to do their own
evaluations, so COBiT is perfect because it provides a framework for
Self-Review Assessments.

http://www.isaca.org/template.cfm?Section=COBIT6

http://www.isaca.org/Template.cfm?Section=Assurance&Template=/TaggedPage/TaggedPageDisplay.cfm&TPLID=19&ContentID=8746

Next!!

Best regards,
Mark. E. S. Bernard, CISM,

----- Original Message -----
From: "InfoSec News" <isnc4i.org>
To: <isnattrition.org>
Sent: Monday, August 25, 2003 4:38 AM
Subject: [ISN] towards a taxonomy of Information Assurance

> Forwarded from: Abe Usher <abe.ushersharp-ideas.net>
>
> Information Security Professionals at ISN,
>
> Bottom line: I'd like your help in shaping a usable taxonomy of
> Information Assurance.*
>
> I am presently working on creating a taxonomy of information assurance,
> based on the three aspects of:
> (1) Information characteristics
> (2) Information states
> (3) Security countermeasures
>
> These three aspects of Information Assurance (IA) were highlighted by
> John McCumber [1] as well as a team of West Point researchers [2] as a
> component of works that define an integrated approach to security.
>
> Within the next 6 months, I would like to create a taxonomy that
> graphically depicts the relationships of these three aspects.
>
> My intent is that this taxonomy could be used by the academic community,
> industry, and government in improving the precision of communication
> used in discussing information assurance/security topics.
>
> I have searched the Internet widely for a taxonomy of Information
> Assurance, but I have not found anything that is sufficiently detailed
> for application with real world problems.
>
> I've posted my initial results to the following URL:
>
> http://www.sharp-ideas.net/ia/information_assurance.htm
>
> for comments and peer review.
>
> Cheers,
>
> Abe Usher
> abe.ushersharp-ideas.net
>
>
> * Information assurance is defined as "information operations that
> protect and defend information and information systems by ensuring their
> availability, integrity, authentication, confidentiality, and
> non-repudiation. This includes providing for restoration of information
> systems by incorporating protection, detection, and reaction capabilities."
>
> [1] McCumber, John. "Information Systems Security: A Comprehensive
> Model". Proceedings 14th National Computer Security Conference.
> National Institute of Standards and Technology. Baltimore, MD.
> October 1991.
>
> [2] Maconachy, Victor, Corey Schou, Daniel Ragsdale, and Don Welch. "A
> Model for Information Assurance: An Integrated Approach". Proceedings
> of the 2001 IEEE Workshop on Information Assurance and Security.
> U.S. Military Academy. West Point, NY. June 2001.
