Book description
System Assurance teaches students how to use Object Management Group’s (OMG) expertise and unique standards to obtain accurate knowledge about existing software and compose objective metrics for system assurance.
OMG’s Assurance Ecosystem provides a common framework for discovering, integrating, analyzing, and distributing facts about existing enterprise software. Its foundation is the standard protocol for exchanging system facts, defined as the OMG Knowledge Discovery Metamodel (KDM). In addition, the Semantics of Business Vocabularies and Business Rules (SBVR) defines a standard protocol for exchanging security policy rules and assurance patterns. Using these standards together, students will learn how to leverage the knowledge of the cybersecurity community and bring automation to protect systems.
This book includes an overview of OMG Software Assurance Ecosystem protocols that integrate risk, architecture, and code analysis guided by the assurance argument. A case study illustrates the steps of the System Assurance Methodology using automated tools.
This book is recommended for technologists from a broad range of software companies and related industries: security analysts, computer systems analysts, computer software engineers (systems software), computer software engineers (applications), computer and information systems managers, and network systems and data communication analysts.
- Provides end-to-end methodology for systematic, repeatable, and affordable System Assurance.
- Includes an overview of OMG Software Assurance Ecosystem protocols that integrate risk, architecture and code analysis guided by the assurance argument.
- Case Study illustrating the steps of the System Assurance Methodology using automated tools.
Table of contents
- Cover Image
- Table of Contents
- Front matter
- Copyright
- Dedication
- Foreword
- Preface
- Chapter 1. Why hackers know more about our systems
- 1.1. Operating in cyberspace involves risks
- 1.2. Why hackers are repeatedly successful
- 1.3. What are the challenges in defending cybersystems?
- 1.4. Where do we go from here?
- 1.5. Who should read this book?
- Chapter 2. Confidence as a product
- 2.1. Are you confident that there is no black cat in the dark room?
- 2.2. The nature of assurance
- 2.3. Overview of the assurance process
- Chapter 3. How to build confidence
- 3.1. Assurance in the system life cycle
- 3.2. Activities of system assurance process
- Chapter 4. Knowledge of system as an element of cybersecurity argument
- 4.1. What is system?
- 4.2. Boundaries of the system
- 4.3. Resolution of the system description
- 4.4. Conceptual commitment for system descriptions
- 4.5. System architecture
- 4.6. Example of an architecture framework
- 4.7. Elements of a system
- 4.8. System knowledge involves multiple viewpoints
- 4.9. Concept of operations (CONOP)
- 4.10. Network configuration
- 4.11. System life cycle and assurance
- Chapter 5. Knowledge of risk as an element of cybersecurity argument
- 5.1. Introduction
- 5.2. Basic cybersecurity elements
- 5.3. Common vocabulary for threat identification
- 5.4. Systematic threat identification
- 5.5. Assurance strategies
- 5.6. Assurance of the threat identification
- Chapter 6. Knowledge of vulnerabilities as an element of cybersecurity argument
- 6.1. Vulnerability as a unit of Knowledge
- 6.2. Vulnerability databases
- 6.3. Vulnerability life cycle
- 6.4. NIST Security Content Automation Protocol (SCAP) Ecosystem
- Chapter 7. Vulnerability patterns as a new assurance content
- Keywords
- 7.1. Beyond current SCAP ecosystem
- 7.2. Vendor-neutral vulnerability patterns
- 7.3. Software fault patterns
- 7.4. Example software fault pattern
- Chapter 8. OMG software assurance ecosystem
- 8.1. Introduction
- 8.2. OMG assurance ecosystem: toward collaborative cybersecurity
- Chapter 9. Common fact model for assurance content
- 9.1. Assurance content
- 9.2. The objectives
- 9.3. Design criteria for information exchange protocols
- 9.4. Trade-offs
- 9.5. Information exchange protocols
- 9.6. The nuts and bolts of fact models
- 9.7. The representation of facts
- 9.8. The common schema
- 9.9. System assurance facts
- Chapter 10. Linguistic models
- 10.1. Fact models and linguistic models
- 10.2. Background
- 10.3. Overview of SBVR
- 10.4. How to use SBVR
- 10.5. SBVR vocabulary for describing elementary meanings
- 10.6. SBVR vocabulary for describing representations
- 10.7. SBVR vocabulary for describing extensions
- 10.8. Reference schemes
- 10.9. SBVR semantic formulations
- Chapter 11. Standard protocol for exchanging system facts
- 11.1. Background
- 11.2. Organization of the KDM Vocabulary
- 11.3. The Process of Discovering System Facts
- 11.4. Discovering the Baseline System Facts
- 11.5. Performing Architecture Analysis
- Chapter 12. Case study
- 12.1. Introduction
- 12.2. Background
- 12.3. Concepts of operations
- 12.4. Business vocabulary and security policy for Clicks2Bricks in SBVR
- 12.5. Building the integrated system model
- 12.6. Mapping cybersecurity facts to system facts
- 12.7. Assurance case
- Index
Product information
- Title: System Assurance
- Author(s):
- Release date: December 2010
- Publisher(s): Morgan Kaufmann
- ISBN: 9780123814159