This book brings together comprehensive best practices for building software systems that exhibit superior operational security, and for considering security early and throughout the full lifecycles of both system development and acquisition. Pioneering software assurance experts Dr. Nancy R. Mead and Dr. Carol Woody present the latest practical knowledge and case studies, demonstrating strategies and techniques that have been repeatedly proven to reduce operational problems and the need for software patching. Using these methods, any software practitioner or manager can make system and software engineering decisions that are far more likely to achieve appropriate operational results.
Drawing on their pioneering work at the Software Engineering Institute (SEI) and Carnegie Mellon University, the authors introduce seven core principles of software assurance, and demonstrate how to apply them through all four key areas of cybersecurity engineering:
- Security and Software Assurance Engineering
- Security and Software Assurance Management
- Security and Software Assurance Measurement and Analysis
- Software Assurance Education and Competencies
For each area, Mead and Woody present key standards, methods, services, tools, and best practices, illuminating these with relevant examples, references to research results, and additional resources. Each area's content is organized to demonstrate how all seven crucial software assurance principles can be addressed coherently and systematically. The authors complement their recommendations with deep insight into why they make sense, and practical guidance on determining whether each action is being performed successfully.
Cyber Security Engineering: A Foundation for Operational Security will serve as the definitive modern reference and tutorial on the full range of capabilities associated with modern cybersecurity engineering. It may also be used as an accompanying text advanced academic courses and continuing education related to the operational security of software systems.