book

System Assurance

by Nikolai Mansourov, Djenana Campara

December 2010

Intermediate to advanced

368 pages

10h 49m

English

Morgan Kaufmann

Read now

Unlock full access

Cover Image
Table of Contents
Front matter
Copyright
Dedication
Foreword
Preface
Chapter 1. Why hackers know more about our systems
1.1. Operating in cyberspace involves risks1.2. Why hackers are repeatedly successful1.3. What are the challenges in defending cybersystems?1.4. Where do we go from here?1.5. Who should read this book?
Chapter 2. Confidence as a product
2.1. Are you confident that there is no black cat in the dark room?2.2. The nature of assurance2.3. Overview of the assurance process
Chapter 3. How to build confidence
3.1. Assurance in the system life cycle3.2. Activities of system assurance process

Chapter 4. Knowledge of system as an element of cybersecurity argument
4.1. What is system?4.2. Boundaries of the system4.3. Resolution of the system description4.4. Conceptual commitment for system descriptions4.5. System architecture4.6. Example of an architecture framework4.7. Elements of a system4.8. System knowledge involves multiple viewpoints4.9. Concept of operations (CONOP)4.10. Network configuration4.11. System life cycle and assurance
Chapter 5. Knowledge of risk as an element of cybersecurity argument
5.1. Introduction5.2. Basic cybersecurity elements5.3. Common vocabulary for threat identification5.4. Systematic threat identification5.5. Assurance strategies5.6. Assurance of the threat identification
Chapter 6. Knowledge of vulnerabilities as an element of cybersecurity argument
6.1. Vulnerability as a unit of Knowledge6.2. Vulnerability databases6.3. Vulnerability life cycle6.4. NIST Security Content Automation Protocol (SCAP) Ecosystem
Chapter 7. Vulnerability patterns as a new assurance content
Keywords7.1. Beyond current SCAP ecosystem7.2. Vendor-neutral vulnerability patterns7.3. Software fault patterns7.4. Example software fault pattern
Chapter 8. OMG software assurance ecosystem
8.1. Introduction8.2. OMG assurance ecosystem: toward collaborative cybersecurity
Chapter 9. Common fact model for assurance content
9.1. Assurance content9.2. The objectives9.3. Design criteria for information exchange protocols9.4. Trade-offs9.5. Information exchange protocols9.6. The nuts and bolts of fact models9.7. The representation of facts9.8. The common schema9.9. System assurance facts
Chapter 10. Linguistic models
10.1. Fact models and linguistic models10.2. Background10.3. Overview of SBVR10.4. How to use SBVR10.5. SBVR vocabulary for describing elementary meanings10.6. SBVR vocabulary for describing representations10.7. SBVR vocabulary for describing extensions10.8. Reference schemes10.9. SBVR semantic formulations
Chapter 11. Standard protocol for exchanging system facts
11.1. Background11.2. Organization of the KDM Vocabulary11.3. The Process of Discovering System Facts11.4. Discovering the Baseline System Facts11.5. Performing Architecture Analysis
Chapter 12. Case study
12.1. Introduction12.2. Background12.3. Concepts of operations12.4. Business vocabulary and security policy for Clicks2Bricks in SBVR12.5. Building the integrated system model12.6. Mapping cybersecurity facts to system facts12.7. Assurance case
Index

Overview

System Assurance teaches students how to use Object Management Group’s (OMG) expertise and unique standards to obtain accurate knowledge about existing software and compose objective metrics for system assurance.

OMG’s Assurance Ecosystem provides a common framework for discovering, integrating, analyzing, and distributing facts about existing enterprise software. Its foundation is the standard protocol for exchanging system facts, defined as the OMG Knowledge Discovery Metamodel (KDM). In addition, the Semantics of Business Vocabularies and Business Rules (SBVR) defines a standard protocol for exchanging security policy rules and assurance patterns. Using these standards together, students will learn how to leverage the knowledge of the cybersecurity community and bring automation to protect systems.

This book includes an overview of OMG Software Assurance Ecosystem protocols that integrate risk, architecture, and code analysis guided by the assurance argument. A case study illustrates the steps of the System Assurance Methodology using automated tools.

This book is recommended for technologists from a broad range of software companies and related industries; security analysts, computer systems analysts, computer software engineers-systems software, computer software engineers- applications, computer and information systems managers, network systems and data communication analysts.

Provides end-to-end methodology for systematic, repeatable, and affordable System Assurance.
Includes an overview of OMG Software Assurance Ecosystem protocols that integrate risk, architecture and code analysis guided by the assurance argument.
Case Study illustrating the steps of the System Assurance Methodology using automated tools.

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Information Security Handbook - Second Edition

Publisher Resources

ISBN: 9780123814142

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills