IT Research Paper - Mitigation Controls


Type

Definitions

Probability Scale

Impact Scale

Mitigation Analysis

The 10 most productive ways to generate hypothetical flaws are described as part of the method, as are ways to confirm them. A review of the results and representative generic flaws discovered over the past 20 years is presented. The essay concludes with the assessment that FHM is applicable to the European ITSEC and with speculations about future methods of penetration analysis using formal methods, that is, mathematically specified design, theorems, and proofs of correctness of the design. One possible development could be a rigorous extension of FHM to be integrated into the development process. This approach has the potential of uncovering problems early in the design, enabling iterative redesign.

1

1

Information Security

2

1

Security Threat

A security threat exists when there are the opportunity, motivation, and technical means to attack: the when, why, and how. FHM deals only with the “how” dimension of threats. It is a requirement for high-rated secure systems (for example, TCSEC ratings above B1) that penetration testing be completed without discovery of security flaws in the evaluated product, as part of a product or system evaluation.

Unlike security functional testing, which demonstrates correct behavior of the product's advertised security controls, penetration testing is a form of stress testing, which exposes weaknesses or flaws in the trusted computing base (TCB). It has been cynically noted that security functional testing demonstrates the security controls for the “good guys,” while penetration testing demonstrates the security controls for the “bad guys.” Also, unlike security functional testing by ...