A PRACTICAL APPROACH TO SUFFICIENT INFOSEC
[This paper examines an approach to information which is based on providing the customer with “Sufficient INFOSEC” based on needs as determined through a process that includes a business review, risk analysis, engineered solutions, and continuous review. It recognizes the absence of absolute security in any practical sense and promotes “adequate” security based on assurance-based risk mitigation. It promotes the idea that security protection needs are dynamic – not static, and environmentally driven. A secondary issue is raised in questioning the lack of flexibility present today in DoD with respect to INFOSEC regulations that fail to take into account the environment being protected.]