Overview

System Assurance Beyond Detecting Vulnerabilities provides a comprehensive view of systematic, repeatable, and affordable cyberdefense that goes beyond knowledge of vulnerabilities and includes knowledge of the system, knowledge of risks and threats, knowledge of security safeguards, as well as knowledge of the assurance argument, together with the corresponding evidence answering the question why a system is secure. The book is organized into four parts. The first part provides an introduction to cybersecurity knowledge; the need for information exchanges for systematic, repeatable, and affordable cyberdefense; and the motivation for the Object Management Group (OMG) Software Assurance Ecosystem. It discusses the nature of system assurance and its difference for vulnerability detection, and introduces the OMG standard on Software Assurance Cases. It describes an end-to-end methodology for system assurance in the context of the OMG Software Assurance Ecosystem that brings together risk analysis, architecture analysis, and code analysis in an integrated process that is guided and planned by the assurance argument. The second part describes various aspects of cybersecurity knowledge required for building cybersecurity arguments. This knowledge includes system knowledge, knowledge related to security threats and risks, and vulnerability knowledge. The third part provides an overview of the protocols of the OMG Software Assurance Ecosystem. It covers the Common Fact Model approach; linguistic models and the OMG Semantics of Business Vocabularies and Rules (SBVR) standard; and the OMG Knowledge Discovery Metamodel (KDM). The fourth part presents a case study to illustrate some of the activities of a system assurance evaluation. Provides end-to-end methodology for systematic, repeatable, and affordable System Assurance.Includes an overview of OMG Software Assurance Ecosystem protocols that integrate risk, architecture and code analysis guided by the assurance argument.Case Study illustrating the steps of the System Assurance Methodology using automated tools.

Full Product Details

9781282954915

Table of Contents

Reviews

The Object Management Group (OMG) Software Assurance Ecosystem described in this book is a significant step towards collaborative cyber security automation; it offers a standards-based solution for building security and resilience in computer systems. -Joe Jarzombek, Director for Software Assurance, Global Cyber Security Management, National Cyber Security Division, Department of Homeland Security System Assurance is a very complex and difficult subject. This book successfully demonstrates and describes in detail how to combine different existing tools together in order to systematically develop System Assurance documentation and justification in a practical manner for a specific domain. The book provides very useful practical guidance that can be used by technical and management practitioners for the specific domain described, and by example for others for different domains. -John P. Hopkinson, Security Strategist, Kwictech

<p> The Object Management Group (OMG) Software Assurance Ecosystem described in this book is a significant step towards collaborative cyber security automation; it offers a standards-based solution for building security and resilience in computer systems. -Joe Jarzombek, Director for Software Assurance, Global Cyber Security Management, National Cyber Security Division, Department of Homeland Security<p> System Assurance is a very complex and difficult subject. This book successfully demonstrates and describes in detail how to combine different existing tools together in order to systematically develop System Assurance documentation and justification in a practical manner for a specific domain. The book provides very useful practical guidance that can be used by technical and management practitioners for the specific domain described, and by example for others for different domains. -John P. Hopkinson, Security Strategist, Kwictech

Author Information

Tab Content 6

Countries Available