
E-book: Cyber Security Engineering: A Practical Approach for Systems and Software Assurance

  • Format: EPUB+DRM
  • Price: 25,73 €*
  • * the price is final, i.e. no other discounts apply
  • This e-book is intended for personal use only. E-books cannot be returned.

DRM restrictions

  • Copying (copy/paste): not allowed
  • Printing: not allowed
  • Use:

    Digital rights management (DRM)
    The publisher has issued this e-book in encrypted form, which means that you must install special software to read it. You must also create an Adobe ID. The e-book can be read by 1 user and downloaded to up to 6 devices (all authorized with the same Adobe ID).

    Required software
    To read on a mobile device (phone or tablet) you must install this free application: PocketBook Reader (iOS / Android)

    To read on a PC or Mac you must install Adobe Digital Editions (this is a free application made specifically for reading e-books; it should not be confused with Adobe Reader, which is probably already installed on your computer).

    This e-book cannot be read on an Amazon Kindle.

This book brings together comprehensive best practices for building software systems that exhibit superior operational security, and for considering security early and throughout the full lifecycles of both system development and acquisition. Pioneering software assurance experts Nancy R. Mead and Dr. Carol Woody present the latest practical knowledge and case studies, demonstrating strategies and techniques that have been repeatedly proven to reduce operational problems and the need for software patching. Using these methods, any software practitioner or manager can make system and software engineering decisions that are far more likely to achieve appropriate operational results.


Drawing on their pioneering work at the Software Engineering Institute (SEI) and Carnegie Mellon University, the authors introduce seven core principles of software assurance, and demonstrate how to apply them through all four key areas of cybersecurity engineering:

  • Security and Software Assurance Engineering
  • Security and Software Assurance Management
  • Security and Software Assurance Measurement and Analysis
  • Software Assurance Education and Competencies

For each area, Mead and Woody present key standards, methods, services, tools, and best practices, illuminating these with relevant examples, references to research results, and additional resources. Each area's content is organized to demonstrate how all seven crucial software assurance principles can be addressed coherently and systematically. The authors complement their recommendations with deep insight into why they make sense, and practical guidance on determining whether each action is being performed successfully.


Cyber Security Engineering: A Foundation for Operational Security will serve as the definitive modern reference and tutorial on the full range of capabilities associated with modern cybersecurity engineering. It may also be used as an accompanying text for advanced academic courses and continuing education related to the operational security of software systems.

Reviews

"This book presents a wealth of extremely useful material and makes it available from a single source."
Nadya Bartol, Vice President of Industry Affairs and Cybersecurity Strategist, Utilities Technology Council

"Drawing from more than 20 years of applied research and use, CSE serves as both a comprehensive reference and a practical guide for developing assured, secure systems and software, addressing the full lifecycle; manager and practitioner perspectives; and people, process, and technology dimensions."
Julia Allen, Principal Researcher, Software Engineering Institute

Table of Contents

Page numbers are given as start page (number of pages).

Foreword xix
Preface xxi
Chapter 1 Cyber Security Engineering: Lifecycle Assurance of Systems and Software 1(16)
  1.1 Introduction 1(2)
  1.2 What Do We Mean by Lifecycle Assurance? 3(3)
  1.3 Introducing Principles for Software Assurance 6(4)
  1.4 Addressing Lifecycle Assurance 10(3)
  1.5 Case Studies Used in This Book 13(4)
    1.5.1 Wireless Emergency Alerts Case Study 13(1)
    1.5.2 Fly-By-Night Airlines Case Study 14(1)
    1.5.3 GoFast Automotive Corporation Case Study 15(2)
Chapter 2 Risk Analysis: Identifying and Prioritizing Needs 17(22)
  2.1 Risk Management Concepts 18(5)
  2.2 Mission Risk 23(1)
  2.3 Mission Risk Analysis 23(4)
    2.3.1 Task 1: Identify the Mission and Objective(s) 24(1)
    2.3.2 Task 2: Identify Drivers 25(1)
    2.3.3 Task 3: Analyze Drivers 25(2)
  2.4 Security Risk 27(4)
  2.5 Security Risk Analysis 31(7)
  2.6 Operational Risk Analysis: Comparing Planned to Actual 38(1)
  2.7 Summary 38(1)
Chapter 3 Secure Software Development Management and Organizational Models 39(36)
  3.1 The Management Dilemma 39(3)
    3.1.1 Background on Assured Systems 40(2)
  3.2 Process Models for Software Development and Acquisition 42(6)
    3.2.1 CMMI Models in General 43(1)
    3.2.2 CMMI for Development (CMMI-DEV) 44(1)
    3.2.3 CMMI for Acquisition (CMMI-ACQ) 45(2)
    3.2.4 CMMI for Services (CMMI-SVC) 47(1)
    3.2.5 CMMI Process Model Uses 48(1)
  3.3 Software Security Frameworks, Models, and Roadmaps 48(24)
    3.3.1 Building Security In Maturity Model (BSIMM) 49(1)
    3.3.2 CMMI Assurance Process Reference Model 50(3)
    3.3.3 Open Web Application Security Project (OWASP) Software Assurance Maturity Model (SAMM) 53(2)
    3.3.4 DHS SwA Measurement Work 55(3)
    3.3.5 Microsoft Security Development Lifecycle (SDL) 58(2)
    3.3.6 SEI Framework for Building Assured Systems 60(2)
    3.3.7 SEI Research in Relation to the Microsoft SDL 62(1)
    3.3.8 CERT Resilience Management Model Resilient Technical Solution Engineering Process Area 63(4)
    3.3.9 International Process Research Consortium (IPRC) Roadmap 67(1)
    3.3.10 NIST Cyber Security Framework 67(5)
    3.3.11 Uses of Software Security Frameworks, Models, and Roadmaps 72(1)
  3.4 Summary 72(3)
Chapter 4 Engineering Competencies 75(22)
  4.1 Security Competency and the Software Engineering Profession 75(2)
  4.2 Software Assurance Competency Models 77(1)
  4.3 The DHS Competency Model 78(3)
    4.3.1 Purpose 78(1)
    4.3.2 Organization of Competency Areas 79(1)
    4.3.3 SwA Competency Levels 79(1)
    4.3.4 Behavioral Indicators 80(1)
    4.3.5 National Initiative for Cybersecurity Education (NICE) 80(1)
  4.4 The SEI Software Assurance Competency Model 81(15)
    4.4.1 Model Features 82(2)
    4.4.2 SwA Knowledge, Skills, and Effectiveness 84(4)
    4.4.3 Competency Designations 88(3)
    4.4.4 A Path to Increased Capability and Advancement 91(1)
    4.4.5 Examples of the Model in Practice 91(3)
    4.4.6 Highlights of the SEI Software Assurance Competency Model 94(2)
  4.5 Summary 96(1)
Chapter 5 Performing Gap Analysis 97(18)
  5.1 Introduction 97(1)
  5.2 Using the SEI's SwA Competency Model 98(8)
  5.3 Using the BSIMM 106(8)
    5.3.1 BSIMM Background 106(2)
    5.3.2 BSIMM Sample Report 108(6)
  5.4 Summary 114(1)
Chapter 6 Metrics 115(20)
  6.1 How to Define and Structure Metrics to Manage Cyber Security Engineering 115(8)
    6.1.1 What Constitutes a Good Metric? 116(1)
    6.1.2 Metrics for Cyber Security Engineering 117(4)
    6.1.3 Models for Measurement 121(2)
  6.2 Ways to Gather Evidence for Cyber Security Evaluation 123(12)
    6.2.1 Process Evidence 123(4)
    6.2.2 Evidence from Standards 127(5)
    6.2.3 Measurement Management 132(3)
Chapter 7 Special Topics in Cyber Security Engineering 135(46)
  7.1 Introduction 135(1)
  7.2 Security: Not Just a Technical Issue 136(8)
    7.2.1 Introduction 136(6)
    7.2.2 Two Examples of Security Governance 142(1)
    7.2.3 Conclusion 143(1)
  7.3 Cyber Security Standards 144(6)
    7.3.1 The Need for More Cyber Security Standards 144(5)
    7.3.2 A More Optimistic View of Cyber Security Standards 149(1)
  7.4 Security Requirements Engineering for Acquisition 150(9)
    7.4.1 SQUARE for New Development 151(1)
    7.4.2 SQUARE for Acquisition 151(8)
    7.4.3 Summary 159(1)
  7.5 Operational Competencies (DevOps) 159(12)
    7.5.1 What Is DevOps? 159(2)
    7.5.2 DevOps Practices That Contribute to Improving Software Assurance 161(7)
    7.5.3 DevOpsSec Competencies 168(3)
  7.6 Using Malware Analysis 171(9)
    7.6.1 Code and Design Flaw Vulnerabilities 173(3)
    7.6.2 Malware-Analysis-Driven Use Cases 176(3)
    7.6.3 Current Status and Future Research 179(1)
  7.7 Summary 180(1)
Chapter 8 Summary and Plan for Improvements in Cyber Security Engineering Performance 181(8)
  8.1 Introduction 181(2)
  8.2 Getting Started on an Improvement Plan 183(4)
  8.3 Summary 187(2)
References 189(22)
Bibliography 211(2)
Appendix A: WEA Case Study: Evaluating Security Risks Using Mission Threads 213(14)
Appendix B: The MSwA Body of Knowledge with Maturity Levels Added 227(8)
Appendix C: The Software Assurance Curriculum Project 235(4)
Appendix D: The Software Assurance Competency Model Designations 239(10)
Appendix E: Proposed SwA Competency Mappings 249(30)
Appendix F: BSIMM Assessment Final Report 279(46)
Appendix G: Measures from Lifecycle Activities, Security Resources, and Software Assurance Principles 325(8)
Index 333
About the Authors

Dr. Nancy R. Mead is a Fellow and Principal Researcher at the Software Engineering Institute (SEI). She is also an Adjunct Professor of Software Engineering at Carnegie Mellon University. She is currently involved in the study of security requirements engineering and the development of software assurance curricula. She served as director of software engineering education for the SEI from 1991 to 1994. Her research interests are in the areas of software security, software requirements engineering, and software architectures.

Prior to joining the SEI, Dr. Mead was a senior technical staff member at IBM Federal Systems, where she spent most of her career in the development and management of large real-time systems. She also worked in IBM's software engineering technology area and managed IBM Federal Systems' software engineering education department. She has developed and taught numerous courses on software engineering topics, both at universities and in professional education courses, and she has served on many advisory boards and committees.

Dr. Mead has authored more than 150 publications and invited presentations. She is a Fellow of the Institute of Electrical and Electronic Engineers, Inc. (IEEE) and the IEEE Computer Society, and is a Distinguished Educator of the Association for Computing Machinery. She received the 2015 Distinguished Education Award from the IEEE Computer Society Technical Council on Software Engineering. The Nancy Mead Award for Excellence in Software Engineering Education is named for her and has been awarded since 2010, with Professor Mary Shaw as the first recipient.

Dr. Mead received her PhD in mathematics from the Polytechnic Institute of New York, and received a BA and an MS in mathematics from New York University.

Dr. Carol C. Woody has been a senior member of the technical staff at the Software Engineering Institute since 2001. Currently she is the manager of the Cyber Security Engineering team, which focuses on building capabilities in defining, acquiring, developing, measuring, managing, and sustaining secure software for highly complex networked systems as well as systems of systems.

Dr. Woody leads engagements with industry and the federal government to improve the trustworthiness and reliability of the software products and capabilities we build, buy, implement, and use. She has helped organizations identify effective security risk management solutions, develop approaches to improve their ability to identify security and survivability requirements, and field software and systems with greater assurance. For example, she worked with the Department of Homeland Security (DHS) on defining security guidelines for its implementation of wireless emergency alerting so originators such as the National Weather Service and commercial mobile service providers such as Verizon and AT&T could ensure that the emergency alerts delivered to your cell phones are trustworthy. Her publications define capabilities for measuring, managing, and sustaining cyber security for highly complex networked systems and systems of systems. In addition, she has developed and delivered training to transition assurance capabilities to the current and future workforce.

Dr. Woody has held roles in consulting, strategic planning, and project management. She has successfully implemented technology solutions for banking, mining, clothing and tank manufacturing, court and land records management, financial management, human resources management, and social welfare administration, using such diverse capabilities as data mining, artificial intelligence, document image capture, and electronic workflow.

Dr. Woody is a senior member of the Institute of Electrical and Electronic Engineers, Inc. Computer Society and a senior member of the Association for Computing Machinery. She holds a BS in mathematics from the College of William & Mary, an MBA with distinction from The Babcock School at Wake Forest University, and a PhD in information systems from NOVA Southeastern University.