[Full-Disclosure] towards a taxonomy of Information Assurance (IA)
- To: full-disclosure@lists.netsys.com
- Subject: [Full-Disclosure] towards a taxonomy of Information Assurance (IA)
- From: Abe Usher <abe.usher@sharp-ideas.net>
- Date: Tue, 26 Aug 2003 07:54:47 -0400
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1">
<title></title>
</head>
<body>
Fellow Information Security Professionals,<br>
<br>
Bottom line: I'd like your help in shaping a usable taxonomy of
<span style="font-weight: bold;">Information Assurance</span>.*<br>
<br>
This taxonomy is part of my graduate studies, and will not be used for
any commercial purposes. It will remain an "open source" open project.<br>
<br>
I am presently working on creating a taxonomy of information assurance,
based on the three aspects of:<br>
(1) Information characteristics<br>
(2) Information states<br>
(3) Security countermeasures<br>
<br>
These three aspects of Information Assurance (IA) were highlighted by
John McCumber [1] as well as a team of West Point researchers [2] as a
component of works that define an integrated approach to security. I
have also considered the works of Matt Bishop [3] in how to create a
useful taxonomy.<br>
<br>
Within the next 6 months, I would like to create a taxonomy that
<span style="font-weight: bold;">graphically</span> depicts the
relationships of these three aspects. I will use an "open source"
model whereby all of my findings &amp; results will be posted for
public review and revision.<br>
<br>
My intent is that this taxonomy could be used by the academic
community, industry, and government in improving the precision of
communication used in discussing information assurance/security topics.<br>
<br>
I have searched the Internet widely for a taxonomy of Information
Assurance, but I have not found anything that is sufficiently detailed
for application with real world problems.<br>
<br>
I've posted my initial results to the following URL:<br>
<br>
<a class="moz-txt-link-freetext"
href="http://www.sharp-ideas.net/ia/information_assurance.htm">http://www.sharp-ideas.net/ia/information_assurance.htm</a><br>
<br>
for comments and peer review.<br>
<br>
Cheers,<br>
<br>
Abe Usher<br>
<a class="moz-txt-link-abbreviated"
href="mailto:abe.usher@sharp-ideas.net">abe.usher@sharp-ideas.net</a><br>
<br>
<br>
* Information assurance is defined as "information operations that
protect and defend information and information systems by ensuring
their availability, integrity, authentication, confidentiality, and
non-repudiation. This includes providing for restoration of
information systems by incorporating protection, detection, and
reaction capabilities."<br>
<br>
[1] McCumber, John. "Information Systems Security: A Comprehensive
Model". Proceedings 14th National Computer Security Conference.
National Institute of Standards and Technology. Baltimore, MD.
October 1991.<br>
<br>
[2] Maconachy, Victor, Corey Schou, Daniel Ragsdale, and Don Welch. "A
Model for Information Assurance: An Integrated Approach". Proceedings
of the 2001 IEEE Workshop on Information Assurance and Security. U.S.
Military Academy. West Point, NY. June 2001.<br>
<br>
[3] Bishop, Matt. "A Critical Analysis of Vulnerability Taxonomies".
Department of Computer Science, University of California. Davis, CA.
September 1996.<br>
</body>
</html>