Professional Documents
Culture Documents
Introduction
http://csrc.lse.ac.uk/People/BackhouseJ/isapproaches.htm 26/11/99
CSRC Page 2 of 23
users.
http://csrc.lse.ac.uk/People/BackhouseJ/isapproaches.htm 26/11/99
CSRC Page 3 of 23
http://csrc.lse.ac.uk/People/BackhouseJ/isapproaches.htm 26/11/99
CSRC Page 4 of 23
http://csrc.lse.ac.uk/People/BackhouseJ/isapproaches.htm 26/11/99
CSRC Page 5 of 23
A note on checklists
http://csrc.lse.ac.uk/People/BackhouseJ/isapproaches.htm 26/11/99
CSRC Page 6 of 23
http://csrc.lse.ac.uk/People/BackhouseJ/isapproaches.htm 26/11/99
CSRC Page 7 of 23
http://csrc.lse.ac.uk/People/BackhouseJ/isapproaches.htm 26/11/99
CSRC Page 8 of 23
Evaluation methods
http://csrc.lse.ac.uk/People/BackhouseJ/isapproaches.htm 26/11/99
CSRC Page 9 of 23
http://csrc.lse.ac.uk/People/BackhouseJ/isapproaches.htm 26/11/99
CSRC Page 10 of 23
http://csrc.lse.ac.uk/People/BackhouseJ/isapproaches.htm 26/11/99
CSRC Page 11 of 23
http://csrc.lse.ac.uk/People/BackhouseJ/isapproaches.htm 26/11/99
CSRC Page 12 of 23
http://csrc.lse.ac.uk/People/BackhouseJ/isapproaches.htm 26/11/99
CSRC Page 13 of 23
(e.g. Kailay & Jarratt, 1994; Birch & McEvoy, 1992; Fisher,
1984; Parker, 1981) prescribe methodologically discrete
steps. Such approaches can be considered to have developed
linearly and controlled ‘scientifically’. The Structured Risk
Analysis methodology of Birch and McEvoy (1992), for
example, views an information system in terms of data
structures, data processing and events in a system. The
fundamental principle in evaluating risk is to see the
correspondence between a threat and a vulnerability. The
approach is grounded in systems theory concepts. Other risk
analysis and evaluation approaches are also sympathetic with
similar philosophical underpinnings (e.g. Fisher, 1984;
Parker, 1981; van Zyl et al, 1994).
http://csrc.lse.ac.uk/People/BackhouseJ/isapproaches.htm 26/11/99
CSRC Page 14 of 23
http://csrc.lse.ac.uk/People/BackhouseJ/isapproaches.htm 26/11/99
CSRC Page 15 of 23
http://csrc.lse.ac.uk/People/BackhouseJ/isapproaches.htm 26/11/99
CSRC Page 16 of 23
Conclusion
References
Adam, N. R., & Wortmann, J. C. (1989). Security-control
methods for statistical databases: a comparative study.
ACM Computing Surveys, 21(4).
http://csrc.lse.ac.uk/People/BackhouseJ/isapproaches.htm 26/11/99
CSRC Page 17 of 23
http://csrc.lse.ac.uk/People/BackhouseJ/isapproaches.htm 26/11/99
CSRC Page 18 of 23
MITRE Corp.
http://csrc.lse.ac.uk/People/BackhouseJ/isapproaches.htm 26/11/99
CSRC Page 19 of 23
http://csrc.lse.ac.uk/People/BackhouseJ/isapproaches.htm 26/11/99
CSRC Page 20 of 23
http://csrc.lse.ac.uk/People/BackhouseJ/isapproaches.htm 26/11/99
CSRC Page 21 of 23
http://csrc.lse.ac.uk/People/BackhouseJ/isapproaches.htm 26/11/99
CSRC Page 22 of 23
http://csrc.lse.ac.uk/People/BackhouseJ/isapproaches.htm 26/11/99
CSRC Page 23 of 23
http://csrc.lse.ac.uk/People/BackhouseJ/isapproaches.htm 26/11/99