Foreword
Preface
Chapter 1: Cyber Security Engineering: Lifecycle Assurance of Systems and Software
Chapter 2: Risk Analysis—Identifying and Prioritizing Needs
Chapter 3: Secure Software Development Management and Organizational Models
Chapter 4: Engineering Competencies
Chapter 5: Performing Gap Analysis
Chapter 6: Metrics
Chapter 7: Special Topics in Cyber Security Engineering
Chapter 8: Summary and Plan for Improvements in Cyber Security Engineering Performance
References
Bibliography
Appendix A: WEA Case Study: Evaluating Security Risks Using Mission Threads
Appendix B: The MSwA Body of Knowledge with Maturity Levels Added
Appendix C: The Software Assurance Curriculum Project
Appendix D: The Software Assurance Competency Model Designations
Appendix E: Proposed SwA Competency Mappings
Appendix F: BSIMM Assessment Final Report
Appendix G: Measures from Lifecycle Activities, Security Resources, and Software Assurance Principles
Index
Dr. Nancy R. Mead is a Fellow and Principal Researcher at
the Software Engineering Institute (SEI). She is also an Adjunct
Professor of Software Engineering at Carnegie Mellon University.
She is currently involved in the study of security requirements
engineering and the development of software assurance curricula.
She served as director of software engineering education for the
SEI from 1991 to 1994. Her research interests are in the areas of
software security, software requirements engineering, and software
architectures.
Prior to joining the SEI, Dr. Mead was a senior technical staff
member at IBM Federal Systems, where she spent most of her career
in the development and management of large real-time systems. She
also worked in IBM’s software engineering technology area and
managed IBM Federal Systems’ software engineering education
department. She has developed and taught numerous courses on
software engineering topics, both at universities and in
professional education courses, and she has served on many advisory
boards and committees.
Dr. Mead has authored more than 150 publications and invited
presentations. She is a Fellow of the Institute of Electrical and
Electronic Engineers, Inc. (IEEE) and the IEEE Computer Society,
and is a Distinguished Educator of the Association for Computing
Machinery. She received the 2015 Distinguished Education Award from
the IEEE Computer Society Technical Council on Software
Engineering. The Nancy Mead Award for Excellence in Software
Engineering Education is named for her and has been awarded since
2010, with Professor Mary Shaw as the first recipient.
Dr. Mead received her PhD in mathematics from the Polytechnic
Institute of New York, and received a BA and an MS in mathematics
from New York University.
Dr. Carol C. Woody has been a senior member of the technical
staff at the Software Engineering Institute since 2001. Currently
she is the manager of the Cyber Security Engineering team, which
focuses on building capabilities in defining, acquiring,
developing, measuring, managing, and sustaining secure software for
highly complex networked systems as well as systems of systems.
Dr. Woody leads engagements with industry and the federal
government to improve the trustworthiness and reliability of the
software products and capabilities we build, buy, implement, and
use. She has helped organizations identify effective security risk
management solutions, develop approaches to improve their ability
to identify security and survivability requirements, and field
software and systems with greater assurance. For example, she
worked with the Department of Homeland Security (DHS) on defining
security guidelines for its implementation of wireless emergency
alerting so originators such as the National Weather Service and
commercial mobile service providers such as Verizon and AT&T
could ensure that the emergency alerts delivered to your cell
phones are trustworthy. Her publications define capabilities for
measuring, managing, and sustaining cyber security for highly
complex networked systems and systems of systems. In addition, she
has developed and delivered training to transition assurance
capabilities to the current and future workforce.
Dr. Woody has held roles in consulting, strategic planning, and
project management. She has successfully implemented technology
solutions for banking, mining, clothing and tank manufacturing,
court and land records management, financial management, human
resources management, and social welfare administration, using such
diverse capabilities as data mining, artificial intelligence,
document image capture, and electronic workflow.
Dr. Woody is a senior member of the Institute of Electrical and
Electronic Engineers, Inc. Computer Society and a senior member of
the Association for Computing Machinery. She holds a BS in
mathematics from the College of William & Mary, an MBA with
distinction from The Babcock School at Wake Forest University, and
a PhD in information systems from NOVA Southeastern University.
“This book presents a wealth of extremely useful material and makes
it available from a single source.”
—Nadya Bartol, Vice President of Industry Affairs and Cybersecurity
Strategist, Utilities Technology Council
“Drawing from more than 20 years of applied research and use, CSE
serves as both a comprehensive reference and a practical guide for
developing assured, secure systems and software—addressing the full
lifecycle; manager and practitioner perspectives; and people,
process, and technology dimensions.”
—Julia Allen, Principal Researcher, Software Engineering
Institute