A Practical Guide to Security Engineering and Information Assurance provides insight into the broader realm of information assurance (IA). It explains real-world strategies applicable to all systems, from small systems supporting a home-based business to those of a multinational corporation, government agency, or critical infrastructure system. The author provides step-by-step, in-depth processes for defining information security and assurance goals, performing vulnerability and threat analysis, implementing and verifying the effectiveness of threat control measures, and conducting accident and incident investigations. The guide provides a complete methodology for information integrity and security throughout the life of a system.
This book is a comprehensive yet practical guide to security engineering and the broader realm of information assurance (IA). This book fills an important gap in the professional literature.

The relationship between security engineering and IA and why both are needed is explained. Innovative long-term vendor-, technology-, and application-independent strategies demonstrate how to protect critical systems and data from accidental and intentional action and inaction that could lead to a system failure/compromise. These real-world strategies are applicable to all systems, from small systems supporting a home-based business to those of a multinational corporation, government agency, or critical infrastructure system. Step-by-step, in-depth solutions take one from defining information security/IA goals through performing vulnerability/threat analyses, implementing and verifying the effectiveness of threat control measures, to conducting accident/incident investigations, whether internal, independent, regulatory, or forensic. A review of historical approaches to information security/IA puts the discussion in context for today's challenges. Extensive glossaries of information security/IA terms and 80 techniques are an added bonus.
This book is written for engineers, scientists, managers, regulators, academics, and policy-makers responsible for information security/IA. Those who have to comply with Presidential Decision Directive (PDD-63), which requires all government agencies to implement an IA program and certify mission-critical systems by May 2003, will find this book especially useful.