TY - BOOK AU - Paul,Mano TI - The 7 qualities of highly secure software SN - 9781439814468 AV - QA76.76.D47 P3774 2012 PY - 2012/// CY - Boca Raton, FL PB - CRC Press KW - Computer software KW - Development KW - Computer security KW - Software engineering N1 - "An Auerbach book."; Includes bibliographical references and index; Machine generated contents note: 1.Quality #1: Security Is Built In, Not Bolted On -- Prelude: The Ant and the Grasshopper -- Introduction -- Security Myths That Need Busting -- Myth #1 We Have a Firewall -- Myth #2 We Use SSL -- Myth #3 We Have Intrusion Detection Systems and Intrusion Prevention Systems (IDSs/IPSs) -- Myth #4 Our Software Will Not Be Accessible from the Internet -- Myth #5 We Have Never Been Compromised -- Myth #6 Security Is "Not My Job" but the Responsibility of the Service Provider -- Myth #7 Security Adds Little to No Value to the Business -- Build Security In: The Need -- Build Security In: What It Takes -- Build Security In: The Value-Add -- Conclusion -- References -- 2.Quality #2: Functionality Maps to a Security Plan -- Prelude: Breaking the Tape -- Introduction -- What Is a Security Plan? -- Security Plan Development -- Step 1 Identify Security Objectives -- Step 2 Identify Applicable Requirements -- Step 3 Identify Threats --; Contents note continued: Step 4 Identify Applicable Controls -- Benefits of a Security Plan -- Mapped Software -- Conclusion -- References -- 3.Quality #3: Includes Foundational Assurance Elements -- Prelude: What Lies Beneath? -- Introduction -- Data: The New Frontier -- Data under Siege -- Foundational Assurance Elements -- Confidentiality -- Integrity -- Availability -- Authentication -- Authorization -- Auditing -- Conclusion -- References -- 4.Quality #4: Is Balanced -- Prelude: The Clown Fish and the Anemone -- Introduction -- Balancing Scale: Risk and Reward -- Balancing Scale: Functionality and Assurance -- Balancing Scale: Threats and Controls -- Conclusion -- References -- 5.Quality #5: Incorporates Security Requirements -- Prelude: Lost in Translation -- Introduction -- Types of Software Security Requirements -- Techniques to Elicit Software Security Requirements -- Traceability of Software Security Requirements -- Requirements to Retirement -- Conclusion --; Contents note continued: References -- 6.Quality #6: Is Developed Collaboratively -- Prelude: There Is No "I" in Team! -- Introduction -- Stakeholders in the Game: Whose Perspective? -- Business -- Security -- Management -- Development -- Legal -- Privacy -- Auditors -- Vendors -- Conclusion -- References -- 7.Quality #7: Is Adaptable -- Prelude: The Shark is a Polyphyodont -- Introduction -- Law of Resiliency Degradation -- Software Adaptability: Technology, Threats, and Talent -- Technology -- Threats -- Talent -- Begin with the Future in Mind -- Secure Software Requires Security-Savvy People -- Conclusion -- References -- 8.Epilogue ER -