E-book, English, 160 pages
Paul, The 7 Qualities of Highly Secure Software
Year of publication: 2013
ISBN: 978-1-4398-1447-5
Publisher: Taylor & Francis
Format: PDF
Copy protection: Adobe DRM
The 7 Qualities of Highly Secure Software provides a framework for designing, developing, and deploying hacker-resilient software. It uses engaging anecdotes and analogies—ranging from Aesop’s fables, athletics, architecture, biology, nursery rhymes, and video games—to illustrate the qualities that are essential for the development of highly secure software.
Each chapter details one of the seven qualities that can make your software highly secure and less susceptible to hacker threats. Leveraging real-world experiences and examples, the book:
- Explains complex security concepts in language that is easy to understand for professionals involved in management, software development, and operations
- Specifies the qualities and skills that are essential for building secure software
- Highlights the parallels between the habits of highly effective people and the qualities of highly secure software
Praise for the Book:
This will be required reading for my executives, security team, software architects and lead developers.
—David W. Stender, CISSP, CSSLP, CAP, CISO of the US Internal Revenue Service
Developing highly secure software should be at the forefront of organizational strategy and this book provides a framework to do so.
—Troy Leach, CTO, PCI Security Standards Council
This book will teach you the core, critical skills needed to raise the security bar on the attackers and swing the game in your favor.
—Michael Howard, Principal Cyber Security Program Manager, Microsoft
As a penetration tester, my job will be a lot harder as people read this book!
—Kevin Johnson, Security Consultant, Secure Ideas
Target audience
Software developers, C-level executives, and operations and information security professionals.
Further information and material
Preface
Quality Security Is Built In versus Bolted On (Be Proactive)
Prelude: The Ant and the Grasshopper
Introduction
Security Myths That Need Busting
Myth #1: We Have a Firewall
Myth #2: We Use SSL
Myth #3: We Have Intrusion Detection Systems and Intrusion Prevention Systems (IDSs/IPSs)
Myth #4: Our Software Will Not Be Accessible from the Internet
Myth #5: We Have Never Been Compromised
Myth #6: Security Is "Not my Job" but the Responsibility of the Service Provider
Myth #7: Security Adds Little to No Value to the Business
Build Security In: The Need
Build Security In: What It Takes
Build Security In: The Value-Add
Conclusion
References
Quality Functionality Maps to a Security Plan (Begin with the End in Mind)
Prelude: Breaking the Tape
Introduction
What Is a Security Plan?
Security Plan Development
Step 1: Identify Security Objectives
Step 2: Identify Applicable Requirements
Step 3: Identify Threats
Step 4: Identify Applicable Controls
Benefits of a Security Plan
Mapped Software
Conclusion
References
Quality Includes Foundational Assurance Elements (Put First Things First)
Prelude: What Lies Beneath?
Introduction
Data: The New Frontier
Data Under Siege
The Foundational Assurance Elements
Confidentiality
Integrity
Availability
Authentication
Authorization
Auditing
Conclusion
References
Quality Is Balanced (Think Win-Win)
Prelude: The Clown Fish and the Anemone
Introduction
The Balancing Scale: Risk and Reward
The Balancing Scale: Functionality and Assurance
The Balancing Scale: Threats and Controls
Conclusion
References
Quality Incorporates Security Requirements (Seek First to Understand, Then to Be Understood)
Prelude: Lost in Translation
Introduction
Types of Software Security Requirements
Techniques to Elicit Software Security Requirements
Traceability of Software Security Requirements
Requirements to Retirement
Conclusion
References
Quality Is Collaboratively Developed (Synergize)
Prelude: There Is No "I" in Team!
Introduction
Stakeholders in the Game: Whose Perspective?
Business
Security
Management
Development
Legal
Privacy
Auditors
Vendors
Conclusion
References
Quality Is Adaptable (Sharpen the Saw)
Prelude: The Shark Is a Polyphyodont
Introduction
The Law of Resiliency Degradation
Software Adaptability: Technology, Threats, and Talent
Technology
Threats
Talent
Begin with the Future in Mind
Secure Software Requires Security-Savvy People
Conclusion
References
Epilogue
Quality Habits
Index