More specifically this includes concerns that cross


timizations.

Governance
Governance is centered on the processes and activities related to how an organization manages overall software development activities. More specifically, this includes concerns that cross-cut groups involved in development as well as business processes that are established at the organization level.

Construction
Construction concerns the processes and activities related to how an organization defines goals and creates software within development projects. In general, this will include product management, requirements gathering, high-level architecture specification, detailed design, and implementation.

SAMM / Understanding the Model - v1.0

Verification
Verification is focused on the processes and activities related to how an organization checks and tests artifacts produced throughout software development. This typically includes quality assurance work such as testing, but it can also include other review and evaluation activities.

Deployment
Deployment entails the processes and activities related to how an organization manages release of software that has been created. This can involve shipping products to end users, deploying products to internal or external hosts, and normal operations of software in the runtime environment.

Strategy & Metrics involves the over-

Policy & Compliance involves setting up a security and compliance control and audit framework throughout an organization to achieve increased assurance in software under construction and in operation.

Education & Guidance involves increasing security knowledge amongst personnel in software development through training and guidance on security topics relevant to individual job functions.

Threat Assessment involves accurately identifying and characterizing potential attacks upon an organization’s software in order to better understand the risks and facilitate risk management.

Security Requirements involves promoting the inclusion of security-related requirements during the software development process in order to specify correct functionality from inception.

Secure Architecture involves bolstering the design process with activities to promote secure-by-default designs and control over technologies and frameworks upon which software is built.

Design Review involves inspection of

Code Review involves assessment of

Security Testing involves testing the

Vulnerability Management involves establishing consistent processes for managing internal and external vulnerability reports to limit exposure and gather data to enhance the security assurance program.

Environment Hardening involves implementing controls for the operating environment surrounding an organization’s software to bolster the security posture of applications that have been deployed.

Operational Enablement involves identifying and capturing security-relevant information needed by an operator to properly configure, deploy, and run an organization’s software.

This homework help was uploaded on 03/31/2014 for the course GEN ED IS taught by Professor 3445 during the Spring '14 term at ITT Tech Flint.
