csce548-lect20

csce548-lect20 - CSCE 548 CSCE Security Standards Security...

CSCE 548
Security Standards
Awareness and Training

Cyber Attacks
- Takes advantage of weakness in:
  - Physical environment
  - Computer system
  - Software bugs
  - Human practices
- Need to identify, remove, and tolerate vulnerabilities
CSCE 548 - Farkas 2

Secure Programs
- How do we keep programs free from flaws?
- How do we protect computing resources against programs that contain flaws?

What is Secure?
- Characteristics that contribute to security
  - Who defines the characteristics?
- Assessment of security
  - What is the basis for the assessment?
- IEEE Standard for Software Verification and Validation, 2005
- Bug, error, fault, …

Proof of Program Correctness
- Correctness: a given program computes a particular result, computes it correctly, and does nothing beyond what it is supposed to do.
- Program verification:
  - Initial assertion about the inputs
  - Checking if the desired output is generated
- Problems: correctness depends on how the program statements are translated into logical implications, difficult to use and not intuitive, less developed than code production

Standards of Program Development
- Software development organizations: specified software development practices
- Administrative control over:
  - Design
  - Documentation, language, coding style
  - Programming
  - Testing
  - Configuration management

Process Management
- Human aspects: difficult to judge in advance
- How to assure that software is built in an orderly manner and that it leads to a correct and secure product?
- Process models: examine how an organization does something

Reading
Reading for this lecture:
- Carnegie Mellon, Software Engineering Institute (SEI): Capability Maturity Model Integration (CMMI®), http://www.sei.cmu.edu/cmmi/
- US National Security Agency: System Security Engineering CMM (SSE CMM), http://www.sse-cmm.org/index.html
Recommended:
- DOD 8570.01-M, Information Assurance Workforce Improvement Program, http://www.dtic.mil/whs/directives/corres/pdf/857001m.pdf
- Certified Information Systems Security Professional (CISSP), http://www.isc2.org/cissp/default.aspx

National Training Standards
Committee on National Security Systems (CNSS) and the National Security Agency (NSA) National Training Standards:
- NSTISSI-4011, National Training Standard for Information Systems Security (INFOSEC) Professionals
- CNSSI-4012, National Information Assurance Training Standard for Senior Systems Managers (SSM)
- NSTISSI-4013, National Information Assurance Training Standard For System Administrators (SA)
- NSTISSI-4014, Information Assurance Training Standard for


This note was uploaded on 12/13/2011 for the course CSCE 548 taught by Professor Farkas during the Spring '10 term at South Carolina.
