Software Assurance Methods in Support of Cyber Security
This workshop focuses on four critical software assurance areas: security requirements, software supply chain assurance, mission thread analysis, and measurement. The purpose of this course is to expose managers, engineers, and acquirers to concepts and resources they can use now to address software security assurance across the acquisition and development life cycles.
The introduction establishes the importance of focusing on software assurance within the current development and acquisition environment. Assurance methods relevant to each of the four critical software assurance areas are presented and participants are encouraged to discuss ways that adoption into the existing acquisition and development life cycles would improve their organizational software assurance.
The target audience includes software managers and technical leads, software and lead engineers, software and system acquisition experts, and program/project management who are concerned with software security assurance across the acquisition and development life cycles.
- Attendees will understand the challenges of software assurance
- Attendees will be exposed to key concepts and methods for security risk analysis and measurement, security requirements elicitation, mission thread analysis, and supply chain risk analysis
- Attendees will begin planning how they will address software assurance for acquisition and development programs
- Attendees will understand the best practices that can be implemented for software assurance
- Introduction to the value of software assurance for development and acquisition
- Mission thread analysis and the use of the Survivability Analysis Framework to apply assurance to mission threads
- Supply chain risk management and its role in software assurance
- Security requirements (overview of the course Security Requirements Engineering Using the SQUARE Method)
- Measurement for software assurance using the Integrated Measurement and Analysis Framework
Participants will receive:
- Course student notebook
- Copy of the Addison-Wesley book Software Security Engineering: A Guide for Project Managers
This course has no prerequisites.
1-Day Course
Through the SQUARE project, CERT researchers have developed an end-to-end process for security requirements engineering to help organizations build security into the early stages of the production life cycle. The SQUARE methodology consists of nine steps that generate a final deliverable of categorized and prioritized security requirements. This...
Training courses provided by the SEI are not academic courses for academic credit toward a degree. Any certificates provided are evidence of the completion of the courses and are not official academic credentials. For more information about SEI training courses, see Registration Terms and Conditions and Confidentiality of Course Records.