Bill Naber
ABSTRACT
Any field of endeavor benefits from a body of knowledge of failures that provide guidance on what to avoid. As a relatively young discipline whose failures can often be handled privately, information security professionals do not have access to the volume of well documented failures for analysis that more mature professions such as mechanical and civil engineering rely on. This paper examines catastrophic failures from the physical world and provides "lessons learned" that can be applied in managing an information systems security program.
- Clark, C. 1997. Radium Girls: women and industrial health reform. The University of North Carolina Press, Chapel Hill, NC.Google Scholar
- Dowie, M. 1995. Losing Ground -- American Environmentalism at the Close of the Twentieth Century. The MIT Press, Cambridge, MA.Google Scholar
- Federal Financial Institutions Examination Council. 2006. Information Security IT Examination Handbook. DOI=http://www.ffiec.gov/ffiecinfobase/booklets/information_security/information_security.pdf.Google Scholar
- French, F. and Burgess, C. 2007. In the Shadow of the Moon -- A Challenging Journey to Tranquility, 1965--1969. University of Nebraska Press, Lincoln, NE.Google Scholar
- ISC2. 2008. 2008 Annual Report. DOI = https://www.isc2.org/uploadedFiles/(ISC)2_Public_Content/About_ISC2/2008 annual report electronic.pdf.Google Scholar
- ISO/IEC JTC 1. 2005. ISO/IEC 17799:2005 Information technology -- Security Techniques -- Code of practice for information security management. The International Organization for Standardization, Switzerland.Google Scholar
- IT Governance Institute. 2007. COBIT 4.1 -- Framework, Control Objectives, Management Guidelines, Maturity Models. DOI = http://www.isaca.org/Knowledge-Center/cobit/Documents/CobiT_4.1.pdf. Google ScholarDigital Library
- Lim, J. 1998. An Engineering Disaster: Therac-25. DOI= http://www.stanford.edu/class/cs181/Materials/therac.pdf.Google Scholar
- McDonald's. 2010. World Wide Web Home Page. DOI=http://www.mcdonalds.com/us/en/home.html.Google Scholar
- Petroski, H. 1997. Design Paradigms -- Case Histories of Error and Judgment in Engineering. The Press Syndicate of the University of Cambridge, Cambridge, United Kingdom.Google Scholar
- Petroski, H. 1999. Remaking the World -- Adventures in Engineering. Vintage Books, New York, NY.Google Scholar
- Petroski, H. 1985. To Engineer is Human -- The Role of Failure in Successful Design. St. Martin's Press, New York, NY.Google Scholar
- Rhodes, R. 2008. Arsenals of Folly -- The Making of the Nuclear Arms Race. Vintage Books, New York, NY.Google Scholar
- Rubin, C. 1994. The Green Crusade -- Rethinking the Roots of Environmentalism. Rowman & Littlefield Publishers, Inc., Lanham, MD.Google Scholar
- Singh, S. 1999. The Code Book -- The Evolution of Secrecy from Mary, Queen of Scots to Quantum Cryptography. Doubleday, New York, NY. Google ScholarDigital Library
- Whittaker, W. 2001. Child Labor in America-History, Policy and Legislative Issue. Novinka Books, Hauppauge, NGoogle Scholar
Index Terms
- Cautionary tales from real world failures for managing security in the cyber world
Recommendations
Dealing with failures during failure recovery of distributed systems
One of the characteristics of autonomic systems is self recovery from failures. Self recovery can be achieved through sensing failures, planning for recovery and executing the recovery plan to bring the system back to a normal state. For various reasons,...
Dealing with failures during failure recovery of distributed systems
DEAS '05: Proceedings of the 2005 workshop on Design and evolution of autonomic application softwareOne of the characteristics of autonomic systems is self recovery from failures. Self recovery can be achieved through sensing failures, planning for recovery and executing the recovery plan to bring the system back to a normal state. For various reasons,...
Comments