towards a taxonomy of Information Assurance (IA)

To: debian-security@lists.debian.org
Subject: towards a taxonomy of Information Assurance (IA)
From: Abe Usher <abe.usher@sharp-ideas.net>
Date: Tue, 26 Aug 2003 08:01:06 -0400
Message-id: <[🔎] 3F4B4C02.4010101@sharp-ideas.net>

Fellow Information Security Professionals,

Bottom line: I'd like your help in shaping a usable taxonomy ofInformation Assurance.*

This taxonomy is part of my graduate studies, and will not be used forany commercial purposes. It will remain an "open source" open project.

I am presently working on creating a taxonomy of information assurance,based on the three aspects of:

(1) Information characteristics
(2) Information states
(3) Security countermeasures

These three aspects of Information Assurance (IA) were highlighted byJohn McCumber [1] as well as a team of West Point researchers [2] as acomponent of works that define an integrated approach to security. Ihave also considered the works of Matt Bishop [3] in how to create auseful taxonomy.

Within the next 6 months, I would like to create a taxonomy thatgraphically depicts the relationships of these three aspects. I willuse an "open source" model whereby all of my findings & results will beposted for public review and revision.

My intent is that this taxonomy could be used by the academic community,industry, and government in improving the precision of communicationused in discussing information assurance/security topics.

I have searched the Internet widely for a taxonomy of InformationAssurance, but I have not found anything that is sufficiently detailedfor application with real world problems.


I've posted my initial results to the following URL:

http://www.sharp-ideas.net/ia/information_assurance.htm

for comments and peer review.

Cheers,

Abe Usher
abe.usher@sharp-ideas.net

* Information assurance is defined as "information operations thatprotect and defend information and information systems by ensuring theiravailability, integrity, authentication, confidentiality, andnon-repudiation. This includes providing for restoration of informationsystems by incorporating protection, detection, and reaction capabilities.

[1] McCumber, John. "Information Systems Security: A ComprehensiveModel". Proceedings 14th National Computer Security Conference.National Institute of Standards and Technology. Baltimore, MD. October1991.

[2] Maconachy, Victor, Corey Schou, Daniel Ragsdale, and Don Welch. "AModel for Information Assurance: An Integrated Approach". Proceedingsof the 2001 IEEE Workshop on Information Assurance and Security. U.S.Military Academy. West Point, NY. June 2001.

[3] Bishop, Matt. "A Critical Analysis of Vulnerability Taxonomies".Department of Computer Science, University of California. Davis, CA.September 1996.

Reply to:

Prev by Date: unsubscribe
Next by Date: [no subject]
Previous by thread: Re: Blocking email ID's [Was:Unidentified subject!]
Next by thread: [no subject]
Index(es):
- Date
- Thread