Assessing and Managing Security Risk in IT Systems: A Structured Methodology [Hardcover]

John McCumber (Author)

Book Description

Publication Date: June 15, 2004 | ISBN-10: 0849322324 | ISBN-13: 978-0849322327 | Edition: 1

Assessing and Managing Security Risk in IT Systems: A Structured Methodology builds upon the original McCumber Cube model to offer proven processes that do not change, even as technology evolves. This book enables you to assess the security attributes of any information system and implement vastly improved security environments.

Part I delivers an overview of information systems security, providing historical perspectives and explaining how to determine the value of information. This section offers the basic underpinnings of information security and concludes with an overview of the risk management process.

Part II describes the McCumber Cube, providing the original paper from 1991 and detailing ways to accurately map information flow in computer and telecom systems. It also explains how to apply the methodology to individual system components and subsystems.

Part III serves as a resource for analysts and security practitioners who want access to more detailed information on technical vulnerabilities and risk assessment analytics. McCumber details how information extracted from this resource can be applied to his assessment processes.

Product Details

• Hardcover: 288 pages
• Publisher: Auerbach Publications; 1 edition (June 15, 2004)
• Language: English
• ISBN-10: 0849322324
• ISBN-13: 978-0849322327
• Product Dimensions: 9.3 x 6.3 x 0.8 inches
• Shipping Weight: 1 pounds (View shipping rates and policies)
• Average Customer Review: 4.0 out of 5 stars  See all reviews (2 customer reviews)
• Amazon Best Sellers Rank: #689,093 in Books (See Top 100 in Books)

More About the Author

Discover books, learn about writers, read author blogs, and more.

Customer Reviews

Most Helpful Customer Reviews

4 of 5 people found the following review helpful:

3.0 out of 5 stars Interesting but repetitive, September 21, 2008

By 

I. Sfiligoi - See all my reviews
(REAL NAME)   

This review is from: Assessing and Managing Security Risk in IT Systems: A Structured Methodology (Hardcover)

The book essentially describes the McCumber Cube information security methodology.
And the McCumber Cube methodology is indeed interesting and worth the read.

Unfortunately, the author wrote around it a whole book!
In the first part the author describes the bases on the information security and relates it to the McCumber Cube (without really describing what the Cube is! Luckily, the hardcover has a picture of it.)
In the second part he dwelves in a little more detail of the McCumber Cube methodology, repeating again and again the same concepts, just with slight viewpoint variations.

Obviously his methodology is described as superior to any other methodology! While he makes a few good points, often he just states this without really comparing it to the other technologies.

Worth the read if you have time to spare... it indeed has a few interesting ideas and viewpoints.
If only they were expressed in a tenth of the space!

2 of 4 people found the following review helpful:

5.0 out of 5 stars Fabulous!, April 26, 2007

By 

Lara Denesia - See all my reviews
(REAL NAME)   

This review is from: Assessing and Managing Security Risk in IT Systems: A Structured Methodology (Hardcover)

I had John as my Info Sec professor for two classes. His insight in class has given me such a passion for InfoSec! I undoubtedly believe his book will do the same! If you can hear him lecture it will only drive your passion even more for the need for and drive towards info security! Anyone who is truly in need of the 'ah-ha' effect should buy this book!