Metrics and Methods for Security Risk Management


Transcription:

Metrics and Methods for Security Risk Management. Carl S. Young. Syngress, an imprint of Elsevier.

Table of Contents

About the Author xi
Foreword xiii
Preface xv
Acknowledgments xix

PART I THE STRUCTURE OF SECURITY RISK

CHAPTER 1 Security Threats and Risk 3
  1.1 Introduction to Security Risk or Tales of the Psychotic Squirrel and the Sociable Shark 3
  1.2 The Fundamental Expression of Security Risk 9
  1.3 Introduction to Security Risk Models and Security Risk Mitigation 14
  1.4 Summary 17

CHAPTER 2 The Fundamentals of Security Risk Measurements 19
  2.1 Introduction 19
  2.2 Linearity and Non-linearity 19
  2.3 Exponents, Logarithms and Sensitivity to Change 25
  2.4 The Exponential Function e^x 27
  2.5 The Decibel (dB) 28
  2.6 Security Risk and the Concept of Scale 31
  2.7 Some Common Physical Models in Security Risk 33
  2.8 Visualizing Security Risk 37
  2.9 An Example: Guarding Costs 42
  2.10 Summary 43

CHAPTER 3 Risk Measurements and Security Programs 45
  3.1 Introduction 45
  3.2 The Security Risk Assessment Process 47
    3.2.1 Unique Threats 47
    3.2.2 Motivating Security Risk Mitigation: The Five Commandments of Corporate Security 48
    3.2.3 Security Risk Models 49
  3.3 Managing Security Risk 54
    3.3.1 The Security Risk Mitigation Process 54
    3.3.2 Security Risk Standards 58
  3.4 Security Risk Audits 70
  3.5 Security Risk Program Frameworks 73
  3.6 Summary 73

PART II MEASURING AND MITIGATING SECURITY RISK

CHAPTER 4 Measuring the Likelihood Component of Security Risk 81
  4.1 Introduction 81
  4.2 Likelihood or Potential for Risk? 82
  4.3 Estimating the Likelihood of Randomly Occurring Security Incidents 85
  4.4 Estimating the Potential for Biased Security Incidents 88
  4.5 Averages and Deviations 91
  4.6 Actuarial Approaches to Security Risk 97
  4.7 Randomness, Loss, and Expectation Value 99
  4.8 Financial Risk 106
  4.9 Summary 107

CHAPTER 5 Measuring the Vulnerability Component of Security Risk 109
  5.1 Introduction 109
  5.2 Vulnerability to Information Loss through Unauthorized Signal Detection 110
    5.2.1 Energy, Waves and Information 111
    5.2.2 Introduction to Acoustic Energy and Audible Information 115
    5.2.3 Transmission of Audible Information and Vulnerability to Conversation-Level Overhears 117
    5.2.4 Audible Information and the Effects of Intervening Structures 120
    5.2.5 Introduction to Electromagnetic Energy and Vulnerability to Signal Detection 126
    5.2.6 Electromagnetic Energy and the Effects of Intervening Structures 132
    5.2.7 Vulnerability to Information Loss through Unauthorized Signal Detection: A Checklist 135
  5.3 Vulnerability to Explosive Threats 136
    5.3.1 Explosive Parameters 136
    5.3.2 Confidence Limits and Explosive Vulnerability 142
  5.4 A Theory of Vulnerability to Computer Network Infections 146
  5.5 Biological, Chemical and Radiological Weapons 151
    5.5.1 Introduction 151
    5.5.2 Vulnerability to Radiological Dispersion Devices 152
    5.5.3 Vulnerability to Biological Threats 162
    5.5.4 Vulnerability to External Contaminants; Bypassing Building Filtration 168
    5.5.5 Vulnerability to Chemical Threats 172
  5.6 The Visual Compromise of Information 173
  5.7 Summary 175

CHAPTER 6 Mitigating Security Risk: Reducing Vulnerability 179
  6.1 Introduction 179
  6.2 Audible Signals 180
    6.2.1 Acoustic Barriers 182
    6.2.2 Sound Reflection 184
    6.2.3 Sound Absorption 185
  6.3 Electromagnetic Signals 187
    6.3.1 Electromagnetic Shielding 187
    6.3.2 Intra-Building Electromagnetic Signal Propagation 191
    6.3.3 Inter-Building Electromagnetic Signal Propagation 194
    6.3.4 Non-Point Source Electromagnetic Radiation 195
  6.4 Vehicle-borne Explosive Threats: Barriers and Bollards 198
  6.5 Explosive Threats 203
  6.6 Radiological Threats 206
  6.7 Biological Threats 210
    6.7.1 Particulate Filtering 210
    6.7.2 Ultraviolet Germicidal Irradiation (UVGI) 212
    6.7.3 Combining UVGI with Particulate Filtering 214
    6.7.4 More Risk Mitigation for Biological Threats 216
    6.7.5 Relative Effectiveness of Influenza Mitigation 217
  6.8 Mitigating the Risk of Chemical Threats (briefly noted) 222
  6.9 Guidelines on Reducing the Vulnerability to Non-Traditional Threats in Commercial Facilities 224
  6.10 Commercial Technical Surveillance Countermeasures (TSCM) 225
  6.11 Electromagnetic Pulse (EMP) Weapons 234
  6.12 Summary 238

Epilogue 243
Appendix A 245
Appendix B 247
Appendix C 249
Appendix D 251
Appendix E 253
Appendix F 255
Appendix G 257
Appendix H 259
Index 261