Offers proven security assessment and implementation processes that do not change, even as technology evolves
Discusses the nature of risk and its application to security
Explains how to chart the information states of transmission, storage, and processing against the attributes of confidentiality, integrity, and availability
Contains a variety of charts to help assess and deploy security within your organization
Assessing and Managing Security Risk in IT Systems: A Structured Methodology builds upon the original McCumber
Cube model to offer proven processes that do not change, even as technology evolves. This book enables you to assess
the security attributes of any information system and implement vastly improved security environments.
Part I delivers an overview of information systems security, providing historical perspectives and explaining how
to determine the value of information. This section offers the basic underpinnings of information security and
concludes with an overview of the risk management process.
Part II describes the McCumber Cube, providing the original paper from 1991 and detailing ways to accurately map
information flow in computer and telecom systems. It also explains how to apply the methodology to individual system
components and subsystems.
Part III serves as a resource for analysts and security practitioners who want access to more detailed information
on technical vulnerabilities and risk assessment analytics. McCumber details how information extracted from this
resource can be applied to his assessment processes.