Software is essential and pervasive in the modern world, but software acquisition, development, operation, and maintenance can involve substantial risk, allowing attackers to compromise millions of computers every year. This groundbreaking text provides a uniquely comprehensive guide to software security, ranging far beyond secure coding to outline rigorous processes and practices for managing system and software lifecycle operations. The text opens with a comprehensive guide to the software lifecycle, covering all elements, activities, and practices encompassed by the universally accepted ISO/IEEE 12207-2008 standard. The authors then proceed to document proven management architecture and process framework models for software assurance, such as ISO 21827 (SSE-CMM), CERT-RMM, the Software Assurance Maturity Model, and NIST 800-53. Within these models, the authors present standards and practices related to key activities such as threat and risk evaluation, assurance cases, and adversarial testing. Ideal for new and experienced cybersecurity professionals alike in both the public and private sectors, this one-of-a-kind text prepares readers to create and manage coherent, practical, cost-effective operations to ensure defect-free systems and software.
- Complete, thorough coverage of the ISO/IEEE 12207-2008 System and Software Lifecycle Processes Standard, detailing all elements, activities, and practices encompassed by this universally accepted set of guidelines.
- Explores four of the most influential and effective models for establishing a secure system and software operation, preparing readers to apply ISO 21827 (SSE-CMM), CERT-RMM, the Software Assurance Maturity Model, and NIST 800-53 in real-world environments.
- Emphasizes rigorous processes and detailed standards to provide a framework for managing complex functions, while also addressing practical considerations for real-world implementation, including tailoring general models to the requirements of specific operations and organizations.
- Covers high-level concepts and frameworks, detailed tasks and activities, and practical applications and examples, equipping readers to align lifecycle IT functions with business processes and stakeholder expectations.
- Provides a uniquely comprehensive guide to software cybersecurity, outlining processes and activities related to acquisition, development, operation, and maintenance to ensure defect-free systems and software.
2. The Agreement Processes.
3. Organizational Project Enabling Processes.
4. Project Processes.
5. Technical Processes.
6. Software Implementation Process Group.
7. Software Supporting Processes and Software Reuse.
8. Standard Process Models to Secure Information and Communications Technology.
9. The Systems Security Engineering Capability Maturity Model (ISO 21827).
10. Software Assurance Maturity Model.
11. Building Security In Maturity Model.
12. Aligning the ICT Organization with Regulatory Requirements.
Cengage provides a range of supplements that are updated in coordination with the main title selection. For more information about these supplements, contact your Learning Consultant.
Instructor Resources CD-ROM
The Online Instructor Resources include the following materials:
- Electronic Instructor's Manual: The Instructor's Manual that accompanies this book includes additional material to assist in class preparation, including suggestions for classroom activities, discussion topics, and additional activities.
- Solutions: The instructor resources include solutions to the end-of-chapter material, including review questions and case projects.
- PowerPoint Presentations: This book comes with Microsoft PowerPoint slides for each chapter. They are included as a teaching aid for classroom presentation, to make available to students on the network for chapter review, or to be printed for classroom distribution. Instructors, please feel free to add your own slides for additional topics you introduce to the class.
- ExamView®: ExamView®, the ultimate tool for objective-based testing needs, is a powerful test generator that enables instructors to create paper, LAN, or Web-based tests from test banks designed specifically for their Cengage Course Technology text. Instructors can utilize the ultra-efficient Quick Test Wizard to create tests in less than five minutes by taking advantage of Cengage Course Technology's question banks, or customize their own exams from scratch.
- Figure files: All figures and tables in the book are reproduced on the Online Instructor Resources in bitmap format. Similar to the PowerPoint presentations, they are included as a teaching aid for classroom presentation, to make available to students for review, or to be printed for classroom distribution.