Secure Software Systems
- Length: 400 pages
- Edition: 1
- Language: English
- Publisher: Jones & Bartlett Learning
- Publication Date: 2023-03-29
- ISBN-10: 1284261158
- ISBN-13: 9781284261158
- Sales Rank: #0 (See Top 100 Books)
Secure Software Systems presents an approach to secure software systems design and development that tightly integrates security and systems design and development (or software engineering) together. It addresses the software development process from the perspective of a security practitioner. The text focuses on the processes, concepts, and concerns of ensuring that secure practices are followed throughout the secure software systems development life cycle, including the practice of following the life cycle rather than just doing ad hoc development.
Cover Title Page Copyright Page Contents Preface Acknowledgments CHAPTER 1 Secure Software Systems Development Introduction Secure Software Systems Life Cycle Understanding the Model System Initiation Defining and Planning Design and Decision Development Test and Evaluation Deployment Operations and Maintenance Retirement Variations in the Life Cycle The Five Ps Combining the Five Ps with the Secure Software Systems Life Cycle KEY TERMS CHAPTER 2 Product and Portfolio Management Introduction Product Management Identifying Opportunities Product Definition Product Planning Bringing the Product to Market Ecosystem Management Portfolio Management SUMMARY KEY TERMS CHAPTER 3 Program and Project Management Introduction Project Management Phase 1—Initiation/Conception/Analysis Phase 2—Define and Plan Phase 3—Implementation/Execution Phase 4—Monitor and Control Phase 5—Project Close Project Management Summary Program Management Strategic Approach Program Sponsorship Program Managers Program Management Office SUMMARY KEY TERMS REFERENCE CHAPTER 4 Process Management Introduction Managing Processes Identifying Processes Understanding Processes Documenting Processes Process Diagrams Static Process Analysis Dynamic Process Analysis Queueing Theory Workflow Process Quality Process Improvement Processes and Security Defining Processes for the Developed System SUMMARY KEY TERMS CHAPTER 5 Managing the Secure Software Systems Development Life Cycle Introduction Requirements Tracking Change Management Issue Management SUMMARY KEY TERMS REFERENCE CHAPTER 6 Security Culture, Responsibility, and Training Introduction Look and Feel of a Security Culture Leadership Sets the Tone for Cybersecurity Someone with Responsibility and Authority Security Roles and Responsibilities Defined for All Security Is Considered in All Aspects of Products Security Is Widely Discussed and Shared with Customers Security Is Valued Security Culture Maturity Company Policies and Procedures Are Established and Available An Effective Security Culture among Programmers and System Administrators Is Vital Responsibility Ethical Integrity Professionalism Long-Term Thinking Training the Organization to Be Secure What Training Is Important When to Train Training Style SUMMARY KEY TERMS CHAPTER 7 Requirements and Security Requirements Planning Introduction Types of Requirements System Definition and Scope Sources of Requirements Stakeholders as a Source of Requirements Intended Security Practices as Security Requirements Outsourcing and Cloud Services as a Source of Requirements Requirements Engineering Assessing Requirements for Security Requirements Documentation and Tracing Traceability Formatting Requirements for Sharing SUMMARY KEY TERMS CHAPTER 8 Compliance Introduction Need for Compliance Laws and Regulations Related to Compliance Implications of Data Privacy Regulations and Laws U.S. Regulations and Laws Canadian Regulations and Laws European Union Regulations and Laws China Regulations and Laws Compliance Models and Frameworks Control Objectives for Information and related Technology (COBIT) Capability Maturity Model Integration (CMMI) Secure Software Development Framework (SSDF) (NIST) Monitoring Systems Auditing SUMMARY KEY TERMS REFERENCES CHAPTER 9 Quality Management Introduction Quality Assurance Processes Tools Task Expectations Training Auditing and Monitoring Processes Quality Control Quality Expectations Testing Root Cause Analysis Corrective Actions Quality Organizations SUMMARY KEY TERMS CHAPTER 10 Modeling Introduction Choosing a Model Modeling Tools Modeling Techniques Flow Charts Structure Charts E-R Diagram Object Model Use Case Model Sequence Diagram State Diagram SUMMARY KEY TERMS CHAPTER 11 Architecture Introduction Architecture Views or Models Business or Functional Architecture Logical Architecture Application Architecture Data Architecture Physical and Technical Architectures Enterprise Architecture Creating the Architecture Architectural Concerns Architectural Principles Security Objectives Design Patterns Example Design Patterns Refinement Techniques Architectural Reviews SUMMARY KEY TERMS CHAPTER 12 Vulnerability and Threat Assessment Introduction Vulnerability Assessment and Mapping The Process The Vulnerability Matrix Risk Assessment Additional Vulnerability Assessment Tools Trust Boundaries Life of Data Other Sources for Analysis Threat Modeling Purpose of the System Threat Intelligence Building the Threat Model SUMMARY KEY TERMS CHAPTER 13 The Development Environment Introduction Culture of Secure Development Practices Secure Development Tools Software Sources Selecting the Development Language Using Libraries in the Development Process Commercial Considerations Excessive Library Dependence Dependency Issues Inherited Vulnerabilities Operating Systems and Architecture Cloud Environments Cloud Security Considerations Cloud Services Engagement Cloud Development Practices Coding Practices Standing Operating Procedures (SOPs) Programming Manuals or Style Guides Fail-Safe Logic and Coding Integration Issues SUMMARY KEY TERMS REFERENCES CHAPTER 14 Configuration Management Introduction Version Control Configuration Management in Product Development Configuration Management in Operations and Maintenance SUMMARY KEY TERMS CHAPTER 15 Testing Introduction Test-Driven Development The Test Plan The Risk-Based Test Strategy The Test Team Test Tracking and Communication Test Schedule Test Cases Testing Tools Types of Testing Standard Development Test Methods User Test Methods Specialized Test Methods SUMMARY KEY TERMS REFERENCE CHAPTER 16 Product Release and Deployment Introduction Preparing for Release Release Review Final Security Review Open Issues Accreditation for Release Internal Accreditation Government System Accreditation Deployment Deployment Roles Training before Deployment Deployment Communications Deployment or Migration Planning Deployment/Migration Window SUMMARY KEY TERMS CHAPTER 17 Operations and Maintenance Introduction Operations Monitoring Security Monitoring User Support Backups Incident Management Incident Response Plan Incident Root Cause Analysis Incident Tracking Disaster Recovery Preparation and Practice Post-Incident Review Maintenance Configuration and Software Updates Functional Fixes and Patches Security Configuration and Software Updates Vulnerability Management Change Management Maintenance Windows Environmental Issues Power Consumption E-Waste SUMMARY KEY TERMS CHAPTER 18 Retirement or End-of-Life Introduction End-of-Life Planning End-of-Life Archiving Strategies When Faced with End-of-Life Retirement Communication Developing a Retirement Plan Pre-Retirement Audit Timeline Removal from Service Transferring and Storing Data Decommissioning the Hardware Licensing Adjustments Finalizing the Retirement SUMMARY KEY TERMS Glossary Index
Donate to keep this site alive
To access the Link, solve the captcha.
1. Disable the AdBlock plugin. Otherwise, you may not get any links.
2. Solve the CAPTCHA.
3. Click download link.
4. Lead to download server to download.