part I SECURITY CONCEPTS -- chapter 1 USING MODELS -- chapter 2 DEFINING INFORMATION SECURITY -- chapter 3 INFORMATION AS AN ASSET -- chapter 4 UNDERSTANDING THREAT AND ITS RELATION TO VULNERABILITIES -- chapter 5 ASSESSING RISK VARIABLES: THE RISK ASSESSMENT PROCESS -- part II THE McCUMBER CUBE METHODOLOGY -- chapter 6 THE McCUMBER CUBE -- chapter 7 DETERMINING INFORMATION STATES AND MAPPING INFORMATION FLOW -- chapter 8 DECOMPOSING THE CUBE FOR SECURITY ENFORCEMENT -- chapter 9 INFORMATION STATE ANALYSIS FOR COMPONENTS AND SUBSYSTEMS -- chapter 10 MANAGING THE SECURITY LIFE CYCLE -- chapter 11 SAFEGUARD ANALYSIS -- chapter 12 PRACTICAL APPLICATIONS OF McCUMBER CUBE ANALYSIS -- chapter III APPENDICES.