
This web page is dedicated to the Second Edition of "Critical Infrastructure: Homeland Security and Emergency Preparedness", authored by Bob Radvanovsky and Allan McDougall.

This web page offers web-based references as a measure of preserving the information contained within this book. Doing so ensures that references aren't lost and can be quickly and easily retrieved by those requiring further information.

References are broken down based on each chapter contained within the book. This web page is dedicated to Chapter 7: Security Vulnerability Assessments.

Chapter 7: Security Vulnerability Assessments. This chapter is the meat of the book. It provides the backbone for what, where, why, and how risk assessments are to be performed, why they are needed, and what causes them to be needed. This chapter is representative of a set of guidelines that both military and government agencies are currently using or improving.

All links referenced are stored in a single file in Adobe Acrobat's PDF format.

  • U.S. General Accounting Office, Information Security Risk Assessment: Practices of Leading Organizations, GAO/AIMD-00-33 [ch7ref1]
  • Vulnerability Assessment Framework 1.1, U.S. Critical Infrastructure Assurance Office, Washington, D.C. (October 1998) [ch7ref2]
  • U.S. General Accounting Office, Federal Information Systems Controls and Auditing Manual: Volume I: Financial Statement Audits, GAO/AIMD-12.19.6 (Washington, D.C., January 1999) has been replaced by the document contained within the U.S. General Accounting Office, Federal Information Systems Controls and Auditing Manual, GAO-09-232G (Washington, D.C., February 2009) (document changes effective February 2, 2009) [ch7ref3] [ch7ref3a]
  • U.S. General Accounting Office, 2010 Census: Basic Design Has Potential, but Remaining Challenges Need Prompt Resolution, GAO/-05-9 (Washington, D.C., January 2005) [ch7ref4]
  • President Bill Clinton Presidential Decision Directive No. 63, “Critical Infrastructure Protection” [ch7ref5]
  • Practices for Securing Critical Information Assets, The Critical Infrastructure Assurance Office, Washington, D.C., 2000 [ch7ref6]
  • Guide for Developing Security Plans for Information Technology Systems, NIST Special Publication 800-18, National Institute of Standards and Technology: Washington, D.C., 1998 [ch7ref7] [chref7a]
  • U.S. Securities and Exchange Commission, Division of Corporation Finance: Sarbanes-Oxley Act of 2002—Frequently Asked Questions [ch7ref8]
  • Vulnerability Assessment Methodology, Electric Power Infrastructure, U.S. DOE Office of Energy Assurance, September 30, 2002 [ch7ref9]
  • Vulnerability Assessment Methodologies Report, U.S. Department of Homeland Security, Office of Domestic Preparedness, July 2003 [ch7ref10]
  • Vulnerability Assessment Techniques and Applications, National Oceanic and Atmospheric Administration, Coastal Services Center [ch7ref11]
  • State of North Carolina, Information Security Vulnerability Assessment, Preliminary Statewide Assessment, Office of the State Auditor (December 2002) [ch7ref12]