Software is essential and pervasive in the modern world, but software acquisition, development, operation, and maintenance can involve substantial risk, allowing attackers to compromise millions of computers every year. This groundbreaking book provides a uniquely comprehensive guide to software security, ranging far beyond secure coding to outline rigorous processes and practices for managing system and software lifecycle operations. The book opens with a comprehensive guide to the software lifecycle, covering all elements, activities, and practices encompassed by the universally accepted ISO/IEEE 12207-2008 standard. The authors then proceed document proven management architecture and process framework models for software assurance, such as ISO 21827 (SSE-CMM), CERT-RMM, the Software Assurance Maturity Model, and NIST 800-53. Within these models, the authors present standards and practices related to key activities such as threat and risk evaluation, assurance cases, and adversarial testing. Ideal for new and experienced cybersecurity professionals alike in both the public and private sectors, this one-of-a-kind book prepares readers to create and manage coherent, practical, cost-effective operations to ensure defect-free systems and software. Important Notice: Media content referenced within the product description or the product text may not be available in the ebook version.The purpose of system requirements analysis is to transform the stakeholder requirements into a set of technical specifications to guide ... and consistent with the needs of the acquiring organization. ... Upon successful completion of the review, the formal requirements document becomes the basis for the configuration ... Due to electronic rights, some third party content may be suppressed from the eBookanbsp;...
|Title||:||Cybersecurity: Engineering a Secure Information Technology Organization|
|Author||:||Dan Shoemaker, Kenneth Sigler|
|Publisher||:||Cengage Learning - 2014-01-29|