Abstract
Many organisations use risk analysis to assess the vulnerability of their information technology. However, most existing risk analysis methods and tools cannot adequately handle the variable set of measures against Internet threats, which depends on the Internet services used rather than on the installed equipment or information systems. This paper describes a structured approach to a limited risk analysis of an Internet connection, in order to assess the threats an organisation will encounter if it decides to connect to the Internet and to determine which measures are necessary to protect against the relevant threats. This is useful both in the design phase, for selecting a suitable set of security measures, and in the testing phase, for auditing the adequacy of a chosen set of measures.
The original version of this chapter was revised: The copyright line was incorrect. This has been corrected. The Erratum to this chapter is available at DOI: 10.1007/978-0-387-35575-7_19
Copyright information
© 1999 IFIP International Federation for Information Processing
Cite this chapter
Spruit, M.E.M., Samwel, P.H. (1999). Risk analysis on Internet connection. In: Eloff, J.H.P., Labuschagne, L., von Solms, R., Verschuren, J. (eds) Information Security Management & Small Systems Security. IFIP — The International Federation for Information Processing, vol 26. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-35575-7_8
DOI: https://doi.org/10.1007/978-0-387-35575-7_8
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4757-5483-4
Online ISBN: 978-0-387-35575-7