System Assurance: Beyond Detecting Vulnerabilities
- Length: 368 pages
- Edition: 1
- Language: English
- Publisher: Morgan Kaufmann
- Publication Date: 2010-12-20
- ISBN-10: 0123814146
- ISBN-13: 9780123814142
- Sales Rank: #2776221 (See Top 100 Books)
In this day of frequent acquisitions and perpetual application integrations, systems are often an amalgamation of multiple programming languages and runtime platforms using new and legacy content. Systems of such mixed origins are increasingly vulnerable to defects and subversion.
System Assurance: Beyond Detecting Vulnerabilities addresses these critical issues. As a practical resource for security analysts and engineers tasked with system assurance, the book teaches you how to use the Object Management Group’s (OMG) expertise and unique standards to obtain accurate knowledge about your existing software and compose objective metrics for system assurance. OMG’s Assurance Ecosystem provides a common framework for discovering, integrating, analyzing, and distributing facts about your existing enterprise software. Its foundation is the standard protocol for exchanging system facts, defined as the OMG Knowledge Discovery Metamodel (KDM). In addition, the Semantics of Business Vocabularies and Business Rules (SBVR) defines a standard protocol for exchanging security policy rules and assurance patterns. Using these standards together, you will learn how to leverage the knowledge of the cybersecurity community and bring automation to protect your system.
- Provides end-to-end methodology for systematic, repeatable, and affordable System Assurance.
- Includes an overview of OMG Software Assurance Ecosystem protocols that integrate risk, architecture and code analysis guided by the assurance argument.
- Case Study illustrating the steps of the System Assurance Methodology using automated tools.
Table of Contents
Chapter 1. Why hackers know more about our systems
Chapter 2. Confidence as a product
Chapter 3. How to build confidence
Chapter 4. Knowledge of system as an element of cybersecurity argument
Chapter 5. Knowledge of risk as an element of cybersecurity argument
Chapter 6. Knowledge of vulnerabilities as an element of cybersecurity argument
Chapter 7. Vulnerability patterns as a new assurance content
Chapter 8. OMG software assurance ecosystem
Chapter 9. Common fact model for assurance content
Chapter 10. Linguistic models
Chapter 11. Standard protocol for exchanging system facts
Chapter 12. Case study