Higher Education
Author(s): Dan Shoemaker | Kenneth Sigler
ISBN: 9788131520482
1st Edition
Copyright: 2015
India Release: 2015
Binding: Paperback
Pages: 302
Trim Size: 279 x 216 mm
Software is essential and pervasive in the modern world, but software acquisition, development, operation, and maintenance can involve substantial risk, allowing attackers to compromise millions of computers every year. This groundbreaking text provides a uniquely comprehensive guide to software security, ranging far beyond secure coding to outline rigorous processes and practices for managing system and software lifecycle operations. The text opens with a comprehensive guide to the software lifecycle, covering all elements, activities, and practices encompassed by the universally accepted ISO/IEEE 12207-2008 standard. The authors then proceed to document proven management architecture and process framework models for software assurance, such as ISO 21827 (SSE-CMM), CERT-RMM, the Software Assurance Maturity Model, and NIST 800-53. Within these models, the authors present standards and practices related to key activities such as threat and risk evaluation, assurance cases, and adversarial testing. Ideal for new and experienced cybersecurity professionals alike in both the public and private sectors, this one-of-a-kind text prepares readers to create and manage coherent, practical, cost-effective operations to ensure defect-free systems and software.
Complete, thorough coverage of the ISO/IEEE 12207-2008 System and Software Lifecycle Processes Standard, detailing all elements, activities, and practices encompassed by this universally accepted set of guidelines.
Explores four of the most influential and effective models for establishing a secure system and software operation, preparing readers to apply ISO 21827 (SSE-CMM), CERT-RMM, the Software Assurance Maturity Model, and NIST 800-53 in real-world environments.
Emphasizes rigorous processes and detailed standards to provide a framework for managing complex functions, but they also address practical considerations for real-world implementation--including tailoring general models to the requirements of specific operations and organizations.
Covers high-level concepts and frameworks, detailed tasks and activities, and practical applications and examples, equipping readers to align lifecycle IT functions with business processes and stakeholder expectations.
Provides a uniquely comprehensive guide to software cybersecurity, outlining processes and activities related to acquisition, development, operation, and maintenance to ensure defect-free systems and software.
1. Lifecycle Management.
2. The Agreement Processes.
3. Organizational Project Enabling Processes.
4. Project Processes.
5. Technical Processes.
6. Software Implementation Process Group.
7. Software Supporting Processes and Software Reuse.
8. Standard Process Models to Secure Information and Communications Technology.
9. The Systems Security Engineering Capability Maturity Model (ISO 21827).
10. Software Assurance Maturity Model.
11. Building Security In Maturity Model.
12. Aligning the ICT Organization with Regulatory Requirements.
Dan Shoemaker
Dan Shoemaker is a professor and senior research scientist at the Center for Cyber Security and Intelligence Studies--a National Security Agency (NSA) Center of Academic Excellence--at the University of Detroit Mercy (UDM). He also served as chair of the Computer and Information Systems Department at UDM for 25 years and holds a visiting appointment at London South Bank University. Dr. Shoemaker is co-chair of the Software Assurance Workforce Training and Education working group within the Department of Homeland Security’s National Cybersecurity Division (NCSD). He has also served the NCSD as a member of the working group that developed its Essential Body of Knowledge, and as an expert panelist on three national working groups. A prolific author, Dr. Shoemaker is one of three domain editors for the Software Assurance Common Body of Knowledge. He lectures internationally on cybersecurity, information assurance, and software engineering topics, and he founded the International Cybersecurity Education Coalition (ICSEC) to connect higher education institutions and expand teaching of standard information assurance curricula throughout the Midwest. Dr. Shoemaker is the recipient of the Michigan Homeland Security annual Statewide award for Educators (2007)
Kenneth Sigler
Ken Sigler has been a faculty member of the Computer Information Systems (CIS) program at the Auburn Hills, Michigan, campus of Oakland Community College (OCC) since 2001, and he has served as department chair since 2011. His primary research interests include software management, software assurance, and cloud computing, and he developed the college’s CIS program option "Information Technologies for Homeland Security." As a founding member of the International Cybersecurity Education Coalition (ICSEC), Sigler served as a liaison between the coalition and OCC, and he continues to act as post-secondary liaison to the articulations program with school districts across Oakland County. In this capacity, he developed a 2+2+2 Information Security Education process to shepherd students from information security coursework at the secondary level, through a four-year articulated program, and into careers in information security at a federal agency. Mr. Sigler is a member of IEEE, the Distributed Management Task Force (DMTF), and the Association for Information Systems (AIS).