SwA in Education, Training & Certification - US-Cert
Software Assurance Pocket Guide Series: Life Cycle Support, Volume I – Version 2.2, Mar 16, 2011

Table 5 – A List of SwA-focused Books for Use in Education and Training

Topic: Standards-based SwA Solutions
Title and Publisher: System Assurance: Beyond Detecting Vulnerabilities, Nikolai Mansourov and Djenana Campara, Morgan Kaufmann Publishers, Elsevier, 2011 (ISBN: 978-0-12-381414-2).
Summary and Possible Use: The Object Management Group (OMG) Software Assurance Ecosystem described in this book is a significant step towards collaborative cyber security automation; it offers a standards-based solution for building security and resilience in computer systems.

Topic: Static Analysis
Title and Publisher: Secure Programming with Static Analysis, Brian Chess and Jacob West, Addison Wesley, 2007.
Summary and Possible Use: Detailed discussion of security issues in several open source applications; steps in the static analysis process.

Standards of Practice

Table 6 – Domain-specific SwA standards used in practice

Standard: Assurance Process Reference Model (PRM)
Source: Presentation: https://buildsecurityin.uscert.gov/swa/downloads/ACSAC2010BartolMoss12-05-2010.pdf; Self Assessment: https://buildsecurityin.uscert.gov/swa/downloads/20100922_PRM_Practice_List_2page.pdf
Purpose: The Assurance PRM can be used to help organizations conduct a gap analysis of existing practices. The results of a gap analysis can be used to prioritize and track SwA implementation efforts. The Assurance PRM addresses assurance from executive to developer.

Standard: BSIMM2: The Building Security In Maturity Model
Source: http://bsimm2.com/
Purpose: BSIMM (pronounced "bee simm") was created by observing and analyzing real-world data from thirty leading software security initiatives. The BSIMM can help you determine how your organization compares to other real-world software security initiatives and what steps can be taken to make your approach more effective.

Standard: CERT Resilience Management Model
Source: http://www.cert.org/resilience/rmm.html
Purpose: The model has two primary objectives:
1. Establish the convergence of operational risk and resilience management activities such as security, business continuity, and aspects of IT operations management into a single model.
2. Apply a process improvement approach to operational resilience management through the definition and application of a capability level scale that expresses increasing levels of process improvement.

Software Assurance in Education, Training & Certification