Finding and Fixing Vulnerabilities in Information Systems

Finding and Fixing Vulnerabilities in Information Systems: The Vulnerability Assessment and Mitigation Methodology

Philip S. Antón
Robert H. Anderson
Richard Mesic
Michael Scheiern
Copyright Date: 2003
Edition: 1
Published by: RAND Corporation
Pages: 143
https://www.jstor.org/stable/10.7249/mr1601darpa
    Book Description:

    Understanding an organization's reliance on information systems and how to mitigate the vulnerabilities of these systems can be an intimidating challenge--especially when considering less well-known weaknesses or even unknown vulnerabilities that have not yet been exploited. The authors introduce the Vulnerability Assessment and Mitigation methodology, a six-step process that uses a top-down approach to protect against future threats and system failures while mitigating current and past threats and weaknesses.

    eISBN: 978-0-8330-3599-8
    Subjects: Transportation Studies, Political Science

Table of Contents

  1. Front Matter
    (pp. i-ii)
  2. PREFACE
    (pp. iii-iv)
  3. Table of Contents
    (pp. v-viii)
  4. FIGURES
    (pp. ix-x)
  5. TABLES
    (pp. xi-xiv)
  6. SUMMARY
    (pp. xv-xxii)
  7. ACKNOWLEDGMENTS
    (pp. xxiii-xxiv)
  8. ACRONYMS
    (pp. xxv-xxvi)
  9. Chapter One INTRODUCTION
    (pp. 1-4)

    Many organizations’ critical functions rely on a core set of information system capabilities. Securing these capabilities against current and future threats requires a broad and unbiased view of system vulnerabilities, as well as creative consideration of security and stability options in the face of resource constraints. Interoperability, information sharing, collaboration, design imperfections, limitations, and the like lead to vulnerabilities that can endanger information system security and operation. Unfortunately, understanding an organization’s reliance on information systems, the vulnerabilities of these systems, and how to mitigate the vulnerabilities has been a daunting challenge—especially for less well-known or even unknown vulnerabilities that...

  10. Chapter Two CONCEPTS AND DEFINITIONS
    (pp. 5-8)

    Before describing the content and processes in the VAM methodology, we need to explore the underlying concepts and terminology it employs: What, for example, constitutes an information system? What leaves such a system vulnerable to attack or failure? What types of components can have vulnerabilities?

    “Security” means different things to different people, depending on their view of what can lead to a compromise of the system in question. We take a broad view of security to include any issue that affects the safe and reliable performance of the system. Compromises to the system can therefore arise not only from overt...

  11. Chapter Three VAM METHODOLOGY AND OTHER DoD PRACTICES IN RISK ASSESSMENT
    (pp. 9-24)

    In the late 1990s, RAND published a six-step methodology to improve the security posture of critical information systems (Anderson et al., 1999). The steps were to

    1. Identify your organization’s essential information functions.

    2. Identify information systems essential to implementing the essential functions in step 1.

    3. Identify vulnerabilities of the essential systems in step 2.

    4. Identify pertinent security techniques to mitigate the vulnerabilities in step 3 using the VAM matching matrix tool.

    5. Select and apply techniques from step 4 based on constraints, costs, and benefits.

    6. Test the techniques applied in step 5 for robustness and actual feasibilities under threat.

    Repeat steps 3...

  12. Chapter Four VULNERABILITY ATTRIBUTES OF SYSTEM OBJECTS
    (pp. 25-36)

    Here we present the lists and descriptions of vulnerability attributes, how they can be mapped in a user form to system objects, and how some common security problems exploit these attributes. Thus, this chapter provides details on step 3 of the VAM methodology.

    Figure 4.1 lists the general properties of objects that can lead to vulnerabilities. Vulnerability attributes include those related to the design and architecture of the system, the behavior and actions taken by the system, and general attributes that cut across both structure and behavior. These somewhat conceptual attributes apply generally to many types of systems and at...

  13. Chapter Five DIRECT AND INDIRECT SECURITY TECHNIQUES
    (pp. 37-48)

    This chapter provides an in-depth description of information system security techniques that help to mitigate vulnerabilities. Techniques are grouped according to the fundamental concepts they employ. These security technique categories are what the matrix and filters in step 4 recommend based on the types of vulnerability attributes, user role, and attack/failure stage in question.

    The chapter ends by describing how some well-known security approaches rely on one or more of these fundamental categories.

    The security field has identified and developed a large number of security techniques, employing various strategies to mitigate vulnerabilities. Some techniques make system objects resilient to attacks...

  14. Chapter Six GENERATING SECURITY OPTIONS FOR VULNERABILITIES
    (pp. 49-68)

    This chapter describes how step 4 of the VAM methodology maps the vulnerabilities presented in Chapter Four to the security techniques presented in Chapter Five to provide specific guidance on how to address identified vulnerabilities. Next, the chapter describes filtering techniques that improve the appropriateness of the security techniques identified in the matrix to a particular user type and attack stage. Chapters Five and Six describe step 4 of the methodology and support the selection of security techniques (step 5). Finally, the chapter provides specific examples of the kinds of specific security countermeasures that can be identified for specific, common...

  15. Chapter Seven AUTOMATING AND EXECUTING THE METHODOLOGY: A SPREADSHEET TOOL
    (pp. 69-78)

    Manually working through the evolved methodology’s large matrix, evaluator filters, and attack-component filters is laborious for an evaluator and may prevent thorough or careful application of the VAM methodology. Moreover, looking up the definitions of the various vulnerabilities, security techniques, and attack methods during the course of an evaluation can be daunting as well. Therefore, a prototype computerized tool has been developed and implemented to assist in using the methodology. This tool is implemented as a Microsoft Excel spreadsheet using Visual Basic algorithms to perform information lookups as well as simple scoring of vulnerability risks based on the inputs from...

  16. Chapter Eight NEXT STEPS AND DISCUSSION
    (pp. 79-82)

    Here we present some deficiencies in the current VAM methodology, possible next steps, and some general discussion about the methodology, its use, and the utility of security assessments.

    While the VAM methodology advances the techniques available for assessing and mitigating information system vulnerabilities, the entire six-step methodology would benefit from additional automation development and support aids.

    Applying the strategy-to-tasks technique to reviewing the critical information functions and their supporting systems (steps 1 and 2) may benefit from specific guidance and worksheets in the tool to help the evaluator explore what is most critical and to help prompt an objective review...

  17. Chapter Nine SUMMARY AND CONCLUSIONS
    (pp. 83-84)

    VAM fills a gap in existing methodologies by providing explicit guidance on finding system vulnerabilities and by suggesting relevant mitigations. The VAM methodology provides a comprehensive, top-down approach to information system security, combining a novel assessment and recommendation-generating matrix with filtering approaches to refine the security options under consideration.

    The methodology helps to identify new types of vulnerabilities as well as known types of vulnerabilities in one’s information systems. Thus, the methodology takes a comprehensive approach to understanding vulnerabilities and does not rely on canned scanning tools or checklists (however valuable) for the sole identifier of vulnerabilities of concern.

    The...

  18. Appendix VULNERABILITY TO MITIGATION MAP VALUES
    (pp. 85-114)
  19. BIBLIOGRAPHY
    (pp. 115-118)