Information Security Science

Measuring the Vulnerability to Data Compromises

1st Edition - June 21, 2016
  • Author: Carl Young
  • eBook ISBN: 9780128096468
  • Paperback ISBN: 9780128096437

Information Security Science: Measuring the Vulnerability to Data Compromises provides the scientific background and analytic techniques to understand and measure the risk associated with information security threats. This is not a traditional IT security book since it includes methods of information compromise that are not typically addressed in textbooks or journals. In particular, it explores the physical nature of information security risk, and in so doing exposes subtle, yet revealing, connections between information security, physical security, information technology, and information theory. This book is also a practical risk management guide, as it explains the fundamental scientific principles that are directly relevant to information security, specifies a structured methodology to evaluate a host of threats and attack vectors, identifies unique metrics that point to root causes of technology risk, and enables estimates of the effectiveness of risk mitigation. This book is the definitive reference for scientists and engineers with no background in security, and is ideal for security analysts and practitioners who lack scientific training. Importantly, it provides security professionals with the tools to prioritize information security controls and thereby develop cost-effective risk management strategies.

Key Features

  • Specifies the analytic and scientific methods necessary to estimate the vulnerability to information loss for a spectrum of threats and attack vectors
  • Represents a unique treatment of the nexus between physical and information security that includes risk analyses of IT device emanations, visible information, audible information, physical information assets, and virtualized IT environments
  • Identifies metrics that point to the root cause of information technology risk and thereby assist security professionals in developing risk management strategies
  • Analyzes numerous threat scenarios and specifies countermeasures based on derived quantitative metrics
  • Provides chapter introductions and end-of-chapter summaries to enhance the reader’s experience and facilitate an appreciation for key concepts


Information Security professionals and students, Physical Security professionals and students

Table of Contents

    • Dedication
    • Biography
    • Foreword
    • Preface
    • Acknowledgments
    • Part I: Threats, risk and risk assessments
      • Chapter 1: Information Security Threats and Risk
        • Abstract
        • Introduction
        • Information security risk
        • Information security risk assessments
        • Organizing information security risk assessments
        • General risk factors for the compromise of signals
        • Estimating the likelihood component of risk
        • Summary
      • Chapter 2: Modeling Information Security Risk
        • Abstract
        • Introduction
        • Basic functions and units of measurement
        • Linearity and nonlinearity
        • Linear, areal, and volumetric density
        • Geometry and parametric scaling
        • Exponential and logistic growth
        • Summary
    • Part II: Scientific fundamentals
      • Chapter 3: Physics and Information Security
        • Abstract
        • Introduction
        • Waves
        • Wave energy and power
        • Constructive and destructive interference
        • Resonance
        • Diffraction and lenses
        • Antennae and gain
        • Point sources of radiating energy
        • Summary
      • Chapter 4: Electromagnetic Waves
        • Abstract
        • Introduction
        • Electromagnetic fields and flux
        • Vectors
        • Maxwell’s equations
        • Maxwell’s equations and information security
        • Summary
      • Chapter 5: Noise, Interference, and Emanations
        • Abstract
        • Introduction
        • Thermal noise
        • Shot noise
        • Emanations and electromagnetic interference
        • Radiating circuits
        • Circuit element models and electric fields
        • Summary
    • Part III: The compromise of signals
      • Chapter 6: Signals and Information Security
        • Abstract
        • Introduction
        • Modulation
        • Signal averaging
        • Risk factors for signal compromise
        • Introduction to information theory
        • Information theory and information security
        • Summary
      • Chapter 7: The Compromise of Electromagnetic Signals
        • Abstract
        • Introduction
        • A naïve attack
        • Assumptions on attackers and attack parameters
        • Broadband signal detection
        • A security limit on emanations
        • Anatomy of a remote attack 1: the computer video display interface
        • Anatomy of a remote attack 2: keyboard emanations
        • Summary
      • Chapter 8: Countermeasures to Electromagnetic Signal Compromises
        • Abstract
        • Introduction
        • Electromagnetic shielding
        • Magnetic shielding
        • Grounding to reduce emanations
        • Signal attenuation
        • Summary
      • Chapter 9: Visual Information Security
        • Abstract
        • Introduction
        • Fundamentals of optics and optical equipment
        • The resolution limit
        • Optical attacks
        • Telescopes
        • Summary
      • Chapter 10: Audible Information Security
        • Abstract
        • Introduction
        • Audible noise and interference
        • The effects of noise and distance
        • Audible signal propagation
        • Audible signal detection devices
        • Audible signal shielding
        • Summary
    • Part IV: Information technology risk
      • Chapter 11: Information Technology Risk Factors
        • Abstract
        • Introduction
        • Business practices and organizational culture
        • Security governance
        • User behavior
        • The physical security of information assets
        • Information technology implementation
        • Information security policies and information technology standards
        • Summary
      • Chapter 12: Information Technology Risk Measurements and Metrics
        • Abstract
        • Introduction
        • Information security risk measurement and metrics criteria
        • Security risk dimensions
        • Introduction to spatiotemporal risk measurements
        • Spatiotemporal risk measurements and metrics
        • Correlation measurements and metrics
        • The NIST Cybersecurity Framework
        • Summary
      • Chapter 13: Special Information Technology Risk Measurements and Metrics
        • Abstract
        • Introduction
        • Metrics for password resilience
        • Metrics for network infections: a scale-free model
        • Metrics in frequency and time: the Fourier transform
        • Metrics to determine the probability of protection
        • Metrics for intrusion detection: the Markov process
        • Summary
    • Part V: The physical security of information assets
      • Chapter 14: Physical Security Controls
        • Abstract
        • Introduction
        • Authenticating identity
        • Verifying authorization
        • Assessing affiliation
        • Technical surveillance countermeasures
        • Summary
      • Chapter 15: Data Centers: A Concentration of Information Security Risk
        • Abstract
        • Introduction
        • A (high-level) data center physical security strategy
        • The security of virtualization
        • An electromagnetic threat to data centers
        • Summary
    • Epilogue
    • Appendix A: The Divergence and Curl Operators
    • Appendix B: Common Units of Electricity and Magnetism
    • Appendix C: Capacitive and Inductive Coupling in Circuits
    • Appendix D: Intermediate Frequency (IF) Filtering of Signals
    • Appendix E: An Indicative Table of Contents for an Information Security Policy
    • Index

Product details

  • No. of pages: 406
  • Language: English
  • Copyright: © Syngress 2016
  • Published: June 21, 2016
  • Imprint: Syngress
  • eBook ISBN: 9780128096468
  • Paperback ISBN: 9780128096437

About the Author

Carl Young

Carl S. Young is a recognized subject matter expert in information and physical security risk management. He is currently a Managing Director and the Chief Security Officer at Stroz Friedberg, an international security risk consulting firm. He is the former Global Head of Physical Security Technology at Goldman Sachs as well as a former Senior Executive and Supervisory Special Agent at the FBI. He was also a consultant to the JASON Defense Advisory Group. Mr. Young is the author of Metrics and Methods for Security Risk Management (Syngress, 2010), and The Science and Technology of Counterterrorism (Butterworth-Heinemann, 2014) as well as numerous journal publications. In 1997 he was awarded the President’s Foreign Intelligence Advisory Board (PFIAB) James R. Killian Award by the White House for significant individual contributions to U.S. national security. Mr. Young received undergraduate and graduate degrees in mathematics and physics from the Massachusetts Institute of Technology.

Affiliations and Expertise

Managing Director and Chief Security Officer, Stroz Friedberg and Adjunct Professor, John Jay College, City University of New York, NY, USA