Book description
Cyber Security Engineering is the
definitive modern reference and tutorial on the full range of
capabilities associated with modern cyber security engineering.
Pioneering software assurance experts Dr. Nancy R. Mead and Dr.
Carol C. Woody bring together comprehensive best practices for
building software systems that exhibit superior operational
security, and for considering security throughout your full system
development and acquisition lifecycles.
Drawing on their pioneering work at the Software Engineering
Institute (SEI) and Carnegie Mellon University, Mead and Woody
introduce seven core principles of software assurance, and show how
to apply them coherently and systematically. Using these
principles, they help you prioritize the wide range of possible
security actions available to you, and justify the required
investments.
Cyber Security Engineering guides you through risk analysis,
planning to manage secure software development, building
organizational models, identifying required and missing
competencies, and defining and structuring metrics. Mead and Woody
address important topics, including the use of standards,
engineering security requirements for acquiring COTS software,
applying DevOps, analyzing malware to anticipate future
vulnerabilities, and planning ongoing improvements.
This book will be valuable to wide audiences of practitioners and
managers with responsibility for systems, software, or quality
engineering, reliability, security, acquisition, or operations.
Whatever your role, it can help you reduce operational problems,
eliminate excessive patching, and deliver software that is more
resilient and secure.
Table of contents
- About This E-Book
- Title Page
- Copyright Page
- Dedication Page
- Contents at a Glance
- Contents
- Acknowledgments
- About the Authors
- Foreword
- Preface
- Chapter 1. Cyber Security Engineering: Lifecycle Assurance of Systems and Software
- Chapter 2. Risk Analysis—Identifying and Prioritizing Needs
- Chapter 3. Secure Software Development Management and Organizational Models
  - 3.1 The Management Dilemma
  - 3.2 Process Models for Software Development and Acquisition
  - 3.3 Software Security Frameworks, Models, and Roadmaps
    - 3.3.1 Building Security In Maturity Model (BSIMM)
    - 3.3.2 CMMI Assurance Process Reference Model
    - 3.3.3 Open Web Application Security Project (OWASP) Software Assurance Maturity Model (SAMM)
    - 3.3.4 DHS SwA Measurement Work
    - 3.3.5 Microsoft Security Development Lifecycle (SDL)
    - 3.3.6 SEI Framework for Building Assured Systems
    - 3.3.7 SEI Research in Relation to the Microsoft SDL
    - 3.3.8 CERT Resilience Management Model Resilient Technical Solution Engineering Process Area
    - 3.3.9 International Process Research Consortium (IPRC) Roadmap
    - 3.3.10 NIST Cyber Security Framework
    - 3.3.11 Uses of Software Security Frameworks, Models, and Roadmaps
  - 3.4 Summary
- Chapter 4. Engineering Competencies
- Chapter 5. Performing Gap Analysis
- Chapter 6. Metrics
- Chapter 7. Special Topics in Cyber Security Engineering
- Chapter 8. Summary and Plan for Improvements in Cyber Security Engineering Performance
- References
- Bibliography
- Appendix A. WEA Case Study: Evaluating Security Risks Using Mission Threads
- Appendix B. The MSwA Body of Knowledge with Maturity Levels Added
- Appendix C. The Software Assurance Curriculum Project
- Appendix D. The Software Assurance Competency Model Designations
- Appendix E. Proposed SwA Competency Mappings
- Appendix F. BSIMM Assessment Final Report
- Appendix G. Measures from Lifecycle Activities, Security Resources, and Software Assurance Principles
- Index
Product information
- Title: Cyber Security Engineering: A Practical Approach for Systems and Software Assurance
- Author(s):
- Release date: October 2016
- Publisher(s): Addison-Wesley Professional
- ISBN: 9780134189857