Software Assurance Methods in Support of Cyber Security

This workshop is focused on four critical software assurance areas: security requirements, software supply chain assurance, mission thread analysis, and measurement. The purpose of this course is to expose managers, engineers, and acquirers to concepts and resources available now for their use to address software security assurance across the acquisition and development life cycles.

The introduction establishes the importance of focusing on software assurance within the current development and acquisition environment. Assurance methods relevant to each of the four critical software assurance areas are presented and participants are encouraged to discuss ways that adoption into the existing acquisition and development life cycles would improve their organizational software assurance.

Who should attend?

The target audience includes software managers and technical leads, software and lead engineers, software and system acquisition experts, and program/project management who are concerned with software security assurance across the acquisition and development life cycles.

Topics

  • Introduction to the value of software assurance for development and acquisition
  • Mission thread analysis and the use of the Survivability Analysis Framework to apply assurance to mission threads
  • Supply chain risk management and its role in software assurance
  • Security requirements (overview of the course Security Requirements Engineering Using the SQUARE Method)
  • Measurement for software assurance using the Integrated Measurement and Analysis Framework


Objectives

  • Attendees will understand the challenges of software assurance
  • Attendees will be exposed to key concepts and methods for security risk analysis and measurement, security requirements elicitation, mission thread analysis, supply chain risk analysis
  • Attendees will begin planning how they will address software assurance for acquisition and development programs
  • Attendees will understand the best practices that can be implemented for software assurance


Prerequisites

This course has no prerequisites.

Materials

Participants will receive:

  • Course student notebook
  • Copy of Addison Wesley book Software Security Engineering: A Guide for Project Managers

Schedule

This one day course meets at the following times:
9:00 a.m. - 5:00 p.m.

Course Details

This course may be offered by special arrangement at customer sites.

Related Links

Library

Insider Fraud in Financial Services

Can We Ever Build Survivable Systems from COTS Components?

See more library items


Courses

Security Requirements Engineering Using the SQUARE Method

For More Information

E-mail: course-info@sei.cmu.edu
Phone: 412-268-7622


Help us improve

Visitor feedback helps us continually improve our site.

Please tell us what you
think with this short
(< 5 minute) survey.