Software is essential and pervasive in the modern world, but software acquisition, development, operation, and maintenance can involve substantial risk, allowing attackers to compromise millions of computers every year. This groundbreaking text provides a uniquely comprehensive guide to software security, ranging far beyond secure coding to outline rigorous processes and practices for managing system and software lifecycle operations.

The text opens with a comprehensive guide to the software lifecycle, covering all elements, activities, and practices encompassed by the universally accepted ISO/IEEE 12207:2008 standard. The authors then proceed to document proven management, architecture, and process framework models for software assurance, such as ISO 21827 (SSE-CMM), CERT-RMM, the Software Assurance Maturity Model, and NIST SP 800-53. Within these models, the authors present standards and practices related to key activities such as threat and risk evaluation, assurance cases, and adversarial testing.

Ideal for new and experienced cybersecurity professionals alike, in both the public and private sectors, this one-of-a-kind text prepares readers to create and manage coherent, practical, cost-effective operations to ensure defect-free systems and software.