Information Assurance Vulnerability Analysis

Abstract

The benefits of vulnerability analysis are increased knowledge of the IT environment and its problems; the possibility of handling vulnerabilities based on the information generated; improved reliability of the environment after the analysis; and information for the development of risk analysis. Vulnerability analysis aims to verify the existence of security flaws in the enterprise IT environment. It is an important tool for implementing effective security controls over a company's information assets. The analysis performs a detailed verification of the computing environment, checking whether the current environment provides security conditions compatible with the strategic importance of the services it provides or performs. The vulnerability analysis of information assets comprises Technologies, Processes, People and Environments.

Contents

Introduction

Discussion

Building Secure and Trusted Systems

Life cycle

Research issues

Building systems with assurance

Assurance in Requirements Definition and Analysis

Threats and Security Objectives

Assurance during System and Software Design

Assurance during Operation and Maintenance

Summary

Research issues

Penetration Studies

Goals

Vulnerability Classification

Frameworks

Gupta and Gligor's Theory of Penetration Analysis

Research Issues

Certification and Accreditation of Information Systems

Formal Methods

Formal Verification Techniques

Current Verification Systems

Evaluating Systems

Goals of Formal Evaluation

The Common Criteria: 1998-Present

Summary

Research Issues

Conclusion

References

Introduction

Vulnerabilities arise in the design, operation, implementation and maintenance of a computer system. Our discussion deals with developing techniques for testing for vulnerabilities and with models of vulnerabilities. A computer system includes policies, procedures and an organization, all of which need to be secure and trusted. However, a security lapse is equally possible at any stage in these areas of a computer system. Therefore, it should be noted that, in discussing the vulnerabilities of a computer system, we will not place greater emphasis on hardware and software problems.

The most likely vulnerability appears when a person breaks into a computer system. This vulnerability increases as the person gains access to the policies, procedures and organization, and performs unauthorized actions. This specific failure of the security and trust of the system is called a vulnerability or security flaw. The use of this failure to breach the security of the system is called exploiting the vulnerability. The person who exploits it is called an attacker. In the field of information technology, the attacker is referred to as a hacker (Skaggs, 2002).

Assurance is the foundation for determining and analyzing the trustworthiness of an information system. It rests on detailed specifications of desirable and undesirable behavior; analysis of the design of software, hardware and other components to show that the system meets all specifications; and proofs that the implementation, operating procedures and maintenance procedures produce the desired behavior. Early rectifications must be made to reduce errors and increase the likelihood of finding security flaws. This is directly related to the assumptions made for the security policies and mechanisms. Taken as an absolute, creating a secure system is an ultimate, although unachievable, goal. Therefore, building systems with security assurance over time is uncertain. The system's lifecycle will play a major role in building a secure and trusted system (Shrobe, 2002). The quantification and analysis of security is very difficult, both the engineering processes and lifecycle are ...