Cybersecurity : engineering a secure information technology organization / Dan Shoemaker, Kenneth Sigler
- Author
- Shoemaker, Dan
- Published
- Stamford, CT : Cengage Learning, [2015]
- Copyright Date
- ©2015
- Physical Description
- xvii, 283 pages : illustrations ; 28 cm
- Additional Creators
- Sigler, Kenneth
- Contents
- Machine generated contents note:
- ch. 1 Lifecycle Management -- Lifecycle Management -- Why ICT Companies Need to Change the Way They Do Business -- The ICT Industry is Significantly Profitable and Globally Influential -- Business Realities versus Due Care -- The ICT Lifecycle: A Definition -- Implementing Best Practice using a Single Framework -- The Benefit of Standards -- The People Factor: The Role of Disciplined and Properly Motivated Performance -- Maintaining a Floor Capability -- Strategic Management of the Lifecycle -- Aligning the ICT Lifecycle with the Business Purpose -- Creating a Systematic Lifecycle Management Process -- Making Concrete Arrangements for Lifecycle Management -- Implementing a Company-Wide Process -- Factoring People into the Plan -- Oversight and Day-to-Day Lifecycle Management -- Lifecycle Management versus Assurance: A Distinction -- Summing up Lifecycle Management -- Adopting a Single Standard to Minimize ICT Defects -- Tailoring a Solution -- Summing up the ISO 12207 Standard -- Chapter Summary -- Key Terms -- Review Questions -- Case Project
- ch. 2 The Agreement Processes -- System Lifecycle Processes: The Agreement Processes -- Establishing the Form of the Standard Lifecycle -- The Acquisition Process -- Overview of the Acquisition Process -- Detail of the Acquisition Process -- The Supply Process---The Other Side of the Coin -- Overview of the Supply Process -- Unique Elements of the Supply Process -- Responding to the Customer's Bid Request -- Negotiating the Contract from the Supplier Side -- Project Execution -- Oversight and Control -- Documenting Contract Compliance -- Product and Process Assurance -- Subcontractor Monitoring and Control -- Ensuring the Supply Chain -- Verification, Validation, and Testing -- Delivery and Acceptance -- Chapter Summary -- Key Terms -- Review Questions -- Case Project
- ch. 3 Organizational Project-Enabling Processes -- Overview of Project-Enabling Processes -- Why Are Organizational Processes Important? -- Lifecycle Model Management Process (6.2.1) -- Lifecycle Model Management Activity 6.2.1.3.1: Process Establishment -- Lifecycle Model Management Activity 6.2.1.3.2: Process Assessment -- Lifecycle Model Management Activity 6.2.1.3.3: Process Improvement -- Infrastructure Management Process (6.2.2) -- Infrastructure Management Activity 6.2.2.3.1: Process Implementation -- Infrastructure Management Activity 6.2.2.3.2: Establishment of the Infrastructure -- Infrastructure Management Activity 6.2.2.3.3: Maintenance of the Infrastructure -- Project Portfolio Management Process (6.2.3) -- Project Portfolio Management Activity 6.2.3.3.1: Project Initiation -- Project Portfolio Management Activity 6.2.3.3.2: Portfolio Evaluation -- Project Portfolio Management Activity 6.2.3.3.3: Project Closure -- Human Resource Management Process (6.2.4) -- Human Resource Management Activity 6.2.4.3.1: Skill Identification -- Human Resource Management Activity 6.2.4.3.2: Skill Development -- Human Resource Management Activity 6.2.4.3.3: Skill Acquisition and Provision -- Human Resource Management Activity 6.2.4.3.4: Knowledge Management -- Quality Management (6.2.5) -- Quality Management Activity 6.2.5.3.1: Quality Management -- Quality Management Activity 6.2.5.3.2: Quality Management Corrective Action -- Chapter Summary -- Key Terms -- Review Questions -- Case Project
- ch. 4 Project Processes -- Overview of Project Processes -- Defining and Coordinating the Project -- Building the Project Team -- Organizing the Project -- The Project Processes of ISO 12207-2008 -- The Project Planning Process (6.3.1) -- Project Initiation -- Project Planning -- Project Authorization and Launch -- The Project Assessment and Control Process (6.3.2) -- The Project Assessment and Control Activities -- The Decision Management Process (6.3.3) -- Decision Management Activities -- The Risk Management Process (6.3.4) -- Risk Management Activities -- The Configuration Management Process (6.3.5) -- Configuration Management Planning -- Configuration Management Execution -- The Information Management Process (6.3.6) -- Information Management Planning -- Information Management Execution -- The Measurement Process (6.3.7) -- Measurement Planning -- Measurement Performance -- Measurement Evaluation -- Chapter Summary -- Key Terms -- Review Questions -- Case Project
- ch. 5 Technical Processes -- Overview of the Technical Process Group -- Development Processes of the Technical Process Group -- Stakeholder Requirements Definition -- Stakeholder Identification -- Stakeholder Requirements Identification -- Stakeholder Requirements Evaluation -- Stakeholder Requirements Agreement and Recording -- System Requirements Analysis -- Requirements Specification -- Requirements Evaluation -- The Architectural Design Process -- Establishing Architecture -- Architectural Evaluation -- The Implementation Process -- The Integration Process -- Integration -- Test Readiness -- The Qualification Testing Process -- Qualification Testing -- The Installation Process -- Software Installation -- The Acceptance Support Process -- Product Acceptance Support -- Technical Process Group: The ICT Operations Process -- Preparation for Operation -- Operation Activation and Check-Out -- Operational Use -- Customer Support -- Problem Resolution -- Technical Process Group: The ICT Maintenance Process -- Process Implementation -- Problem and Modification Analysis -- Implementing Modifications -- Maintenance Review and Acceptance -- Migration -- Technical Process Group: Disposal -- Disposal Planning -- Disposal Execution -- Chapter Summary -- Key Terms -- Review Questions -- Case Project
- ch. 6 Software Implementation Process Group -- Overview of Software Implementation Process Group -- The Software Implementation Process (7.1.1) -- Detail of Software Implementation Process: Software Implementation Strategy -- The Software Requirements Analysis Process (7.1.2) -- Detail of Software Requirements Analysis Process -- The Software Architecture Design Process (7.1.3) -- Detail of Software Architecture Design Activity -- The Software Detailed Design Process (7.1.4) -- Detail of Software Detailed Design Activity -- The Software Construction Process (7.1.5) -- Detail of Software Construction Activity -- The Software Integration Process (7.1.6) -- Detail of Software Integration Activity -- Software Qualification Testing (7.1.7) -- Detail of Software Qualification Testing -- Chapter Summary -- Key Terms -- Review Questions -- Case Project
- ch. 7 Software Supporting Processes and Software Reuse -- Overview of the Software Supporting Process Group -- Software Documentation Management -- Process Implementation -- Design and Development -- Production -- Maintenance -- Software Configuration Management -- Who Participates in Configuration Management? -- What are the Roles? -- What is the Process? -- The Configuration Management Plan -- Process Implementation -- Configuration Identification -- Configuration Control -- Configuration Status Accounting -- Configuration Evaluation -- Release Management & Delivery -- Software Quality Assurance -- Organization of SQA Operations -- SQA: Overall Operation -- SQA Reporting -- Starting the SQA Program -- Overview of Steps: Software Quality Assurance -- Process Implementation -- Product Assurance -- Process Assurance -- Assurance of Quality Systems -- Verification -- Process Implementation -- Verification -- Validation -- Process Implementation -- Analyzing Test Results -- Software Review -- Process Implementation -- Project Management Reviews -- Technical Reviews -- The Audit Process -- Process Implementation -- Audit -- Problem Resolution -- Process Implementation -- Problem Resolution -- Reuse -- Domain Engineering -- Reuse Asset Management -- Reuse Program Management -- Chapter Summary -- Key Terms -- Review Questions -- Case Project
- ch. 8 Standard Process Models for Securing ICT Organizations -- Underwriting Trust and Competence in ICT -- The Problems that Capability Models Address -- Putting Capability into Practice -- A Distinction: Why We Need to Build a Standard Infrastructure First -- Why Use a Process Capability Model? -- The History of Best Practice Models -- Early Models of the CMM and ISO 9000 -- Expanding the Application of the CMM During the Late 1990s -- ISO 15408: The Common Criteria -- The 21st Century -- Families of Prominent Capability Models -- The Capability Maturity Model (CMM) -- Background of the CMM -- Evolution of the CMM -- Components of the CMM -- Maturity Levels of the CMM -- Key Process Areas (KPAs) -- Key Practices -- Common Features of KPAs -- Determining Capability: The CMM Assessment Process -- CMMI -- ISO 15504 (also known as the Security Engineering CMM) -- Chapter Summary -- Key Terms -- Review Questions -- Case Project
- ch. 9 The Systems Security Engineering Capability Maturity Model (ISO 21827) -- Overview of the SSE-CMM -- Background: The SSE-CMM Collaboration -- Structure of the SSE-CMM/ISO 21827 Standard -- The Base Practices of the SSE-CMM -- Project and Organizational Base Practices -- Assuring an Organization's System Security Engineering Capability -- Architectural Components of the SSE-CMM -- Process Capability Assessment -- Process Capability Evaluations -- Determining Capability Using the SSE-CMM Assessment Model -- The SSE-CMM Assessment Process -- Using Targeted Assessments to Ensure Supplier Capability -- Chapter Summary -- Key Terms -- Review Questions -- Case Project
- ch. 10 Software Assurance Maturity Model -- Overview of the Software Assurance Maturity Model -- Understanding the SAMM Framework -- Governance Business Function -- Strategy & Metrics Practice -- Policy & Compliance Practice -- Education & Guidance Practice -- Construction Business Function -- Threat Assessment Practice -- Security Requirements Practice -- Secure Architecture Practice -- Verification Business Function -- Design Review Practice -- Code Review Practice -- Security Testing Practice -- Deployment Business Function -- Vulnerability Management Practice -- Environment Hardening Practice -- Operational Enablement Practice -- Applying SAMM---Getting the Job Done -- Understanding the Maturity Levels -- SAMM Approach to Assessment -- Using Scorecards to Measure Success -- Chapter Summary -- Key Terms -- Review Questions -- Case Project
- ch. 11 The Building Security In Maturity Model (BSIMM) -- Overview of the BSIMM -- The Study -- BSIMM4 in Context -- Governance Domain -- Strategy & Metrics Practice -- Compliance & Policy Practice -- Training Practice -- Intelligence Domain -- Attack Models Practice -- Security Features and Design Practice -- Standards and Requirements Practice -- SSDL Touchpoints Domain -- Architecture Analysis -- Code Review -- Security Testing -- Deployment Domain -- Penetration Testing -- Software Environment -- Configuration Management and Vulnerability Management -- Applying the BSIMM -- Key Lessons -- Chapter Summary -- Key Terms -- Review Questions -- Case Project
- ch. 12 Aligning the ICT Organization with Regulatory Requirements -- Overview of Regulatory Models for ICT Organizations -- The Federal Information Security Act of 2002 -- NIST 800-53 and General Implementation for FIPS 200 -- Generic Security Controls -- NIST 800-53 Catalog of Baseline Controls -- Organizational Risk Management and NIST 800-53 -- Practical Security Control Architectures -- Real-World Control Formulation and Implementation -- NIST 800-53 Control Baselines -- Six Feasibility Considerations for NIST 800-53 -- Compensating Security Controls -- Chapter Summary -- Key Terms -- Review Questions -- Case Project
- APPENDIX A GPS/CDU Project for Wild Blue Yonder Technologies -- Company Overview -- COTS and GOTS -- Operations -- Data Collection, Metrics, and Tracking -- Structuring the Organization -- Organization Chart -- Specifics of the GPS/CDU Project -- Resource Requirements -- Project Characteristics -- Additional Considerations.
- Subject(s)
- ISBN
- 9781285169903 (pbk.)
- 1285169905
- Note
- Includes index.
- Source of Acquisition
- Purchased with funds from the Margaret MacDonald Roeder Memorial Libraries Endowment for Engineering; 2014
- Endowment Note
- Margaret MacDonald Roeder Memorial Libraries Endowment for Engineering
catkey: 12563181