
SAMM / Software Assurance Maturity Model - v1.0

Creating Scorecards
Building Assurance Programs
Independent Software Vendor
Online Service Provider
Financial Services Organization
Government Organization

The Security Practices
Strategy & Metrics
Policy & Compliance
Education & Guidance
Threat Assessment
Security Requirements
Secure Architecture
Design Analysis
Code Review
Security Testing
Vulnerability Management
Environment Hardening
Operational Enablement

Case Studies
VirtualWare

I would like to...
Build a strategic roadmap for an organization
Implement or perform security activities

✦ Executive Summary
✦ Business Functions
✦ Governance
✦ Construction
✦ Verification
✦ Deployment
✦ Conducting Assessments
✦ Creating Scorecards
✦ Using the Maturity Levels
✧ Strategy & Metrics
✧ Policy & Compliance
✧ Education & Guidance
✧ Threat Assessment
✧ Security Requirements
✧ Secure Architecture
✧ Design Review
✧ Code Review
✧ Security Testing
✧ Vulnerability Management
✧ Environment Hardening
✧ Operational Enablement
✧ Building Ass...

This homework help was uploaded on 03/31/2014 for the course GEN ED IS taught by Professor 3445 during the Spring '14 term at ITT Tech Flint.
