Contents: Executive Summary; Business Functions; Governance; Construction; Verification; Deployment; Using the Maturity Levels; Conducting Assessments; Creating Scorecards; Building Assurance Programs; VirtualWare; Strategy & Metrics; Policy & Compliance; Education & Guidance; Threat Assessment; Security Requirements; Secure Architecture; Design Review; Code Review; Security Testing; Vulnerability Management; Environment Hardening; Operational Enablement.

SAMM / Software Assurance Maturity Model - v1.0
Assess existing software assurance practices

Understanding the Model
A view of the big picture

SAMM is built upon a collection of Security Practices that are tied back into the core Business Functions involved in software development. This section introduces those Business Functions and the corresponding Security Practices for each. After covering the high-level framework, the Maturity Levels for each Security Practice are also discussed briefly in order to paint a picture of how each can be iteratively improved over time.

Business Functions

At the highest level, SAMM defines four critical Business Functions.
Each Business Function (listed below) is a category of activities related to the nuts-and-bolts of software development, or stated another way, any organization involved with software development must fulfill each of these Business Functions to some degree. For each Business Function, SAMM defines three Security Practices. Each Security Practice (listed opposite) is an area of security-related activities that build assurance for the related Business Function. So overall, there are twelve Security Practices that are the independent silos for improvement that map underneath the Business Functions of software development. For each Security Practice, SAMM defines three Maturity Levels as Objectives. Each Level within a Security Practice is characterized by a successively more sophisticated Objective defined by specific activities and more stringent success metrics than the previous level. Additionally, each Security Practice can be improved independently, though related activities can lead to op...