Cyber Security EngineeringA Practical Approach for Systems and Software Assurance
Was £24.99, Now £17.49Save: £7.50
Cyber Security Engineering is the definitive modern reference and tutorial on the full range of capabilities associated with modern cyber security engineering. Pioneering software assurance experts Dr. Nancy R. Mead and Dr. Carol C. Woody bring together comprehensive best practices for building software systems that exhibit superior operational security, and for considering security throughout your full system development and acquisition lifecycles.
Drawing on their pioneering work at the Software Engineering Institute (SEI) and Carnegie Mellon University, Mead and Woody introduce seven core principles of software assurance, and show how to apply them coherently and systematically. Using these principles, they help you prioritize the wide range of possible security actions available to you, and justify the required investments.
Cyber Security Engineering guides you through risk analysis, planning to manage secure software development, building organizational models, identifying required and missing competencies, and defining and structuring metrics. Mead and Woody address important topics, including the use of standards, engineering security requirements for acquiring COTS software, applying DevOps, analyzing malware to anticipate future vulnerabilities, and planning ongoing improvements.
This book will be valuable to wide audiences of practitioners and managers with responsibility for systems, software, or quality engineering, reliability, security, acquisition, or operations. Whatever your role, it can help you reduce operational problems, eliminate excessive patching, and deliver software that is more resilient and secure.
Chapter 1: Cyber Security Engineering: Lifecycle Assurance of Systems and Software
Chapter 2: Risk Analysis—Identifying and Prioritizing Needs
Chapter 3: Secure Software Development Management and Organizational Models
Chapter 4: Engineering Competencies
Chapter 5: Performing Gap Analysis
Chapter 6: Metrics
Chapter 7: Special Topics in Cyber Security Engineering
Chapter 8: Summary and Plan for Improvements in Cyber Security Engineering Performance
Appendix A: WEA Case Study: Evaluating Security Risks Using Mission Threads
Appendix B: The MSwA Body of Knowledge with Maturity Levels Added
Appendix C: The Software Assurance Curriculum Project
Appendix D: The Software Assurance Competency Model Designations
Appendix E: Proposed SwA Competency Mappings
Appendix F: BSIMM Assessment Final Report
Appendix G: Measures from Lifecycle Activities, Security Resources, and Software Assurance Principles
• SEI's complete, practical guide to developing and acquiring secure systems
• Includes modern cybersecurity principles derived from important new case studies
• Shows how to make effective system and software engineering decisions to achieve operational security
• Helps you identify and evaluate existing cybersecurity engineering competencies and capabilities, define and prioritize needs, plan improvements, and measure progress
• The latest title in the SEI Series in Software Engineering, from the Software Engineering Institute, world renowned experts in software assurance for government and industry
Dr. Nancy R. Mead is a Fellow and Principal Researcher at the Software Engineering Institute (SEI). She is also an Adjunct Professor of Software Engineering at Carnegie Mellon University. She is currently involved in the study of security requirements engineering and the development of software assurance curricula. She served as director of software engineering education for the SEI from 1991 to 1994. Her research interests are in the areas of software security, software requirements engineering, and software architectures.
Prior to joining the SEI, Dr. Mead was a senior technical staff member at IBM Federal Systems, where she spent most of her career in the development and management of large real-time systems. She also worked in IBM’s software engineering technology area and managed IBM Federal Systems’ software engineering education department. She has developed and taught numerous courses on software engineering topics, both at universities and in professional education courses, and she has served on many advisory boards and committees.
Dr. Mead has authored more than 150 publications and invited presentations. She is a Fellow of the Institute of Electrical and Electronic Engineers, Inc. (IEEE) and the IEEE Computer Society, and is a Distinguished Educator of the Association for Computing Machinery. She received the 2015 Distinguished Education Award from the IEEE Computer Society Technical Council on Software Engineering. The Nancy Mead Award for Excellence in Software Engineering Education is named for her and has been awarded since 2010, with Professor Mary Shaw as the first recipient.
Dr. Mead received her PhD in mathematics from the Polytechnic Institute of New York, and received a BA and an MS in mathematics from New York University
Dr. Carol C. Woody has been a senior member of the technical staff at the Software Engineering Institute since 2001. Currently she is the manager of the Cyber Security Engineering team, which focuses on building capabilities in defining, acquiring, developing, measuring, managing, and sustaining secure software for highly complex networked systems as well as systems of systems.
Dr. Woody leads engagements with industry and the federal government to improve the trustworthiness and reliability of the software products and capabilities we build, buy, implement, and use. She has helped organizations identify effective security risk management solutions, develop approaches to improve their ability to identify security and survivability requirements, and field software and systems with greater assurance. For example, she worked with the Department of Homeland Security (DHS) on defining security guidelines for its implementation of wireless emergency alerting so originators such as the National Weather Service and commercial mobile service providers such as Verizon and AT&T could ensure that the emergency alerts delivered to your cell phones are trustworthy. Her publications define capabilities for measuring, managing, and sustaining cyber security for highly complex networked systems and systems of systems. In addition, she has developed and delivered training to transition assurance capabilities to the current and future workforce.
Dr. Woody has held roles in consulting, strategic planning, and project management. She has successfully implemented technology solutions for banking, mining, clothing and tank manufacturing, court and land records management, financial management, human resources management, and social welfare administration, using such diverse capabilities as data mining, artificial intelligence, document image capture, and electronic workflow.
Dr. Woody is a senior member of the Institute of Electrical and Electronic Engineers, Inc. Computer Society and a senior member of the Association for Computing Machinery. She holds a BS in mathematics from the College of William & Mary, an MBA with distinction from The Babcock School at Wake Forest University, and a PhD in information systems from NOVA Southeastern University.
Expert Reviews“This book presents a wealth of extremely useful material and makes it available from a single source.”
—Nadya Bartol, Vice President of Industry Affairs and Cybersecurity Strategist, Utilities Technology Council
“Drawing from more than 20 years of applied research and use, CSE serves as both a comprehensive reference and a practical guide for developing assured, secure systems and software—addressing the full lifecycle; manager and practitioner perspectives; and people, process, and technology dimensions.”
—Julia Allen, Principal Researcher, Software Engineering Institute
Your opinions count
Be the first to review this product. Write your review now.