timizations.

Governance
Governance is centered on the processes and activities related to how an organization manages
overall software development activities. More specifically, this includes concerns that cross-cut groups
involved in development as well as business processes that are established at the organization level.
...more on page 10

Construction
Construction concerns the processes and activities related to how an organization defines goals and
creates software within development projects. In general, this will include product management, requirements gathering, high-level architecture specification, detailed design, and implementation.
...more on page 12

SAMM / Understanding the Model - v1.0

Verification
Verification is focused on the processes and activities related to how an organization checks and tests
artifacts produced throughout software development. This typically includes quality assurance work
such as testing, but it can also include other review and evaluation activities.
...more on page 14

Deployment
Deployment entails the processes and activities related to how an organization manages release of
software that has been created. This can involve shipping products to end users, deploying products to
internal or external hosts, and normal operations of software in the runtime environment.
...more on page 16

Strategy & Metrics involves the over-

Policy & Compliance involves setting up a security and compliance control and audit framework throughout an organization to achieve increased assurance in software under construction and in operation.

Education & Guidance involves increasing security knowledge amongst personnel in software development through training and guidance on security topics relevant to individual job functions.

Threat Assessment involves accurately identifying and characterizing potential attacks upon an organization’s software in order to better understand the risks and facilitate risk management.

Security Requirements involves promoting the inclusion of security-related requirements during the software development process in order to specify correct functionality from inception.

Secure Architecture involves bolstering the design process with activities to promote secure-by-default designs and control over technologies and frameworks upon which software is built.

Design Review involves inspection of

Code Review involves assessment of

Security Testing involves testing the

Vulnerability Management involves establishing consistent processes for managing internal and external vulnerability reports to limit exposure and gather data to enhance the security assurance program.

Environment Hardening involves implementing controls for the operating environment surrounding an organization’s software to bolster the security posture of applications that have been deployed.

Operational Enablement involves identifying and capturing security-relevant information needed by an operator to properly configure, deploy, and run an organization’s software.
This homework help was uploaded on 03/31/2014 for the course GEN ED IS taught by Professor 3445 during the Spring '14 term at ITT Tech Flint.