
E-book: Software Quality Assurance: Integrating Testing, Security, and Audit

  • Format - PDF+DRM
  • Price: 48,83 €*
  • * this is the final price, i.e. no additional discounts apply
  • This e-book is for personal use only. E-books cannot be returned and no refund is given for purchased e-books.

DRM restrictions

  • Copying (copy/paste): not allowed
  • Printing: not allowed
  • Usage:

    Digital Rights Management (DRM)
    The publisher has supplied this book in encrypted form, which means you must install free software to unlock and read it. To read this e-book you need to create an Adobe ID. The e-book can be read and downloaded on up to 6 devices (by one user with the same Adobe ID).

    Required software
    To read this e-book on a mobile device (phone or tablet), you will need to install this free app: PocketBook Reader (iOS / Android)

    To download and read this e-book on a PC or Mac, you need Adobe Digital Editions (a free app designed specifically for e-books; it is not the same as Adobe Reader, which may already be on your computer).

    You cannot read this e-book on an Amazon Kindle.

Software Quality Assurance: Integrating Testing, Security, and Audit focuses on the importance of software quality and security. It defines various types of testing, identifies factors that add value to software quality, and provides theoretical and real-world scenarios that offer value and contribute quality to projects and applications. The practical synopsis of common testing tools helps readers who are in testing jobs or those interested in pursuing careers as testers. It also helps test leaders, test managers, and others who are involved in planning, estimating, executing, and maintaining software.

The book is divided into four sections: The first section addresses the basic concepts of software quality, validation and verification, and audits. It covers the major areas of software management, software life cycle, and life cycle processes. The second section is about testing. It discusses test plans and strategy and introduces a step-by-step test design process along with a sample test case. It also examines what a tester or test lead needs to do before and during test execution and how to report after completing the test execution.

The third section deals with security breaches and defects that may occur. It discusses the documentation and classification of incidents as well as how to handle an occurrence. The fourth and final section provides examples of security issues along with a security policy document and addresses the planning aspects of an information audit. This section also discusses the definition, measurement, and metrics of reliability based on standards, the quality metrics methodology, and CMM models. It discusses the ISO 15504 standard, CMMs, PSP, and TSP and includes an appendix containing a software process improvement sample document.
Preface xxv
Content Overview xxvii
Acknowledgments xxxi
Author xxxiii
Section I Concept
Chapter 1 Quality Concept And Perspectives 3(32)
Introduction 3(1)
Part 1: Software Quality Concept 3(7)
Defining Software Quality 3(2)
Integrating Test, Security, and Audit 5(1)
Why Is Software Quality Important? 6(1)
What Is the Benefit of Software Quality in Business? 7(1)
Lack of Quality Is the Reason for Failure 8(1)
Failure Factors 8(2)
Part 2: Software Quality Characteristics 10(5)
What Is the Business Benefit of Quality Characteristics? 10(1)
Standard for Quality Characteristics ISO/IEC 9126 10(1)
Quality Characteristics 11(2)
Detailed Descriptions of Quality Characteristics 13(1)
Functionality 13(1)
Suitability 13(1)
Accuracy 13(1)
Interoperability 13(1)
Security 13(1)
Functionality Compliance 13(1)
Reliability 13(1)
Maturity 13(1)
Fault Tolerance 13(1)
Recoverability 13(1)
Reliability Compliance 13(1)
Usability 14(1)
Understandability 14(1)
Learnability 14(1)
Operability 14(1)
Usability Compliance 14(1)
Efficiency 14(1)
Time Behavior 14(1)
Resource Behavior 14(1)
Efficiency Compliance 14(1)
Maintainability 14(1)
Analyzability 14(1)
Changeability 14(1)
Stability 14(1)
Testability 14(1)
Maintainability Compliance 14(1)
Portability 15(1)
Adaptability 15(1)
Installability 15(1)
Coexistence/Conformance 15(1)
Portability Compliance 15(1)
Control Objectives for Information and Related Technology (COBIT) 15(3)
Introduction 15(1)
Meta-Requirements 16(1)
Capability Maturity Model Integration (CMMI) 17(1)
Quality Characteristics, COBIT, and CMMI 18(1)
Part 3: Validation and Verification 18(5)
Role of V&V in Software Quality 20(1)
Software V&V Processes 20(3)
V&V Task Reports 20(1)
V&V Activity Summary Reports 21(1)
V&V Anomaly Reports 21(1)
Testing: Application 22(1)
Unit Testing Plan 22(1)
Determine Features to Be Tested 22(1)
Design the Test Set 22(1)
Implement the Test Plan 23(1)
Execute the Test Procedures 23(1)
Part 4: Reviews and Audit 23(12)
Management Reviews 24(2)
Application 25(1)
Focus 25(1)
Input 25(1)
When to Conduct a Management Review 25(1)
Review Procedures 26(1)
Planning 26(1)
Preparation and Execution 26(1)
Technical Reviews 26(1)
Responsibilities 27(1)
Input 27(1)
Inspections 27(2)
Responsibilities 28(1)
Inspection Rules and Procedures 29(1)
Walkthroughs 29(3)
Responsibilities 30(2)
Audits 32(3)
Chapter 2 Management And Process 35(24)
Introduction 35(1)
Part 1: Software Management 35(5)
Software Management 35(1)
Information Governance 35(1)
Information Governance, IT Governance, and Data Governance 36(1)
IT Governance 36(1)
Data Governance 36(1)
IG—EG and Strategic Planning 36(1)
Making the Process Systematic 37(1)
IT Process Alignment 38(1)
The Expert Models for Software Management 38(1)
ISO 12207/IEEE 12207.0 39(1)
Serves as a Model for 39(1)
Integration of IEEE 12207 and SESC 39(1)
Acquisition 39(1)
Development 39(1)
Operation 40(1)
Supporting Documentation 40(1)
Part 2: Software Life Cycle Models 40(5)
What Is Software Life Cycle? 40(1)
Life Cycle Models 41(2)
Boehm's Spiral 41(1)
Agile Methodology 41(1)
What Is Agile? What Does It Mean? 42(1)
Agile Principles 43(2)
Waterfall 45(1)
Part 3: Life Cycle Processes 45(14)
Primary Life Cycle Process 46(6)
Acquisition Process 47(1)
Supply Process 48(1)
Development Process 49(1)
Operations Process 50(1)
Maintenance Process 51(1)
Supporting Life Cycle Processes 52(4)
Documentation Process 52(1)
Configuration Management Process 52(1)
Quality Assurance Process 53(1)
Verification Process 54(1)
Validation Process 54(1)
Joint Review Process 55(1)
Audit Process 55(1)
Audit Process Tasks 56(3)
Section II Testing
Chapter 3 Testing: Concept And Definition 59(14)
Introduction 59(1)
Part 1: Testing in the Software Life Cycle 59(1)
What Is Software Testing? 59(1)
Requirements 60(2)
Identification and Specification 60(1)
Specification 60(1)
Functional System Development 60(1)
Technical System Design 61(1)
Component Specification 61(1)
Coding 61(1)
Testing 61(1)
Are We Building the Right System? 61(1)
Are We Building the System Right? 62(1)
Part 2: Software Testing Life Cycle 62(3)
SDLC and STLC 63(2)
Part 3: Kinds/Types of Testing 65(6)
Black Box Testing 65(1)
White Box Testing 65(1)
Unit Testing 65(1)
Integration Testing 66(1)
Incremental Integration Testing 66(1)
Functional Testing 66(1)
System Testing 66(1)
End-to-End Testing 67(1)
Sanity Testing 67(1)
Regression Testing 67(1)
Acceptance Testing 68(1)
Load Testing 68(1)
Stress Testing 68(1)
Performance Testing 69(1)
Usability Testing 69(1)
Install/Uninstall Testing 69(1)
Recovery Testing 69(1)
Security Testing 70(1)
Comparison Testing 70(1)
Alpha Testing 70(1)
Beta Testing 70(1)
Automated Testing 70(1)
Agile Testing 71(1)
Suggested Readings 71(2)
Chapter 4 Testing: Plan And Design 73(30)
Introduction 73(1)
Part 1: Plan and Strategy 73(1)
Test Plan 73(4)
Contents of a Test Plan 73(1)
Test Plan Identification 73(1)
Document Change Control Log 74(1)
Purpose of the Document 74(1)
References 75(1)
Sample Reference Metrics 75(1)
Software Product Overview/Project Description 75(1)
Test Objectives 75(1)
Software Risk Issue and Mitigation 76(1)
Communication and Status Reporting 76(1)
Test Tools 77(1)
Test Scope 77(1)
Part 2: Test Approach and Stages 77(6)
Requirements Analysis 77(1)
Solution Specifications 78(1)
Testing Levels 78(1)
Unit Testing 78(1)
System/Integration Testing 78(1)
System Test 79(1)
System Test Execution 79(1)
Defect Management 79(1)
Acceptance Testing 79(1)
Test Data Preparation 80(1)
Test Environments 80(1)
Sample Entry/Exit Criteria 80(1)
Test Schedule 81(1)
Defect Reporting and Tracking 81(2)
Roles and Responsibilities 83(1)
Appendix 83(1)
Reference Documents 83(1)
Testing Estimation 84(1)
Lessons Learned 84(4)
Project Description 84(4)
What Went Well 88(1)
What Could Have Gone Better 88(1)
NEW Opportunities 88(1)
LOE Accuracy 88(1)
Top Three Recommended Improvements 88(1)
Part 3: Test Design Factors 88(7)
Software Requirement 88(1)
Requirement Identification 89(1)
Requirement Identifier 89(1)
Software Requirement Specification 90(1)
Requirements Evaluation Matrix 91(2)
Business Value of Requirements 93(1)
Scales/Measures 93(1)
Significant Requirement Conflicts and Enablers 93(1)
Estimated Costs and Risks to Satisfy Requirements 93(1)
Scales/Measures 94(1)
Requirements Cost/Benefit and Prioritization Summary 94(1)
Part 4: Test Case Specification and Design 95(8)
Test Case Specification 95(1)
Deliverables 95(1)
Test Environment Setup 95(1)
Deliverables 95(1)
Sample Test Cases 96(1)
Introduction 96(1)
Scope 96(1)
Objective 97(1)
Sample Test Cases 97(1)
Testing Condition 1.1—Login with Correct User ID and Password 97(1)
Testing Condition 1.2—Wrong User ID 97(1)
Testing Condition 1.3—Wrong Password 98(1)
Testing Condition 1.4—Username Blank 98(1)
Testing Condition 1.5—Password Blank 99(1)
Testing Condition 1.6—Username and Password Blank 99(1)
Testing Condition 1.7—Cancel Button Clicked 100(1)
Testing Condition 1.8—Invalid User 100(1)
Summary 101(2)
Chapter 5 Test: Execution And Reporting 103(18)
Introduction 103(1)
Part 1: Starting Test Execution 103(4)
Getting Ready to Start Test Execution 103(1)
Requirement Coverage 104(1)
Requirements Test Coverage Statement 105(1)
Scheduling Test Runs 105(1)
Assigning Test Execution 105(2)
Part 2: Test Result Reporting 107(5)
Status Report 107(1)
Daily Stand-Up Update by Individual 107(1)
Weekly Status Report Template 108(1)
Test Result Summary Report 109(1)
Document Change Control Log 109(1)
Purpose of the Document 109(1)
References: (Sample Reference Metrics) 109(1)
Progression Test Case Execution Status 110(1)
Regression Test Case Execution Status 111(1)
Part 3: View and Analyze Test Results 112(9)
Defect: As a Part of Test Result 112(1)
Requirement Test Case—Defect Traceability Metrics 112(1)
Defect Details 112(1)
Deferred Defects 113(1)
Defects by Root Cause 113(1)
Canceled Defects 113(1)
Defect Summary 113(2)
Requirement Traceability Matrices (RTM) 115(1)
System Test Coverage Metrics (Sample) 116(1)
Test Execution Quality Metrics 116(1)
Defect Tracking Overview 117(1)
Defect Linkage 117(4)
Section III Challenges
Chapter 6 Incident Management 121(24)
Introduction 121(1)
Overview on Incident Management 121(1)
Why Incident Management Is Important 122(1)
Part 1: Identification 123(5)
Definition 123(1)
Incident 123(1)
Information Security Incident 123(1)
Accident 123(1)
Defect 124(1)
Failure 124(1)
Incident Identification 124(1)
Identifying Ways 124(1)
Identifying the Attacking Hosts 125(1)
Incident Initial Documentation 125(1)
Incident Classification 126(2)
Type of Incident 127(1)
Initial Assessment 127(1)
Part 2: Investigation and Analysis 128(5)
Reasons to Investigate 128(1)
Investigation Process 128(2)
Incident Root Cause 129(1)
Collecting Evidences 129(1)
Six Steps for Successful Incident Investigation 130(1)
Incident Analysis 130(1)
Some Examples of Analyzing an Incident 131(2)
Barrier Analysis 131(1)
Damage Mode Effect Analysis 132(1)
Scenario Analysis 132(1)
Time/Loss Analysis for Emergence Response Evaluation 133(1)
Analyzing Warning Time 133(1)
Part 3: Response and Recovery 133(6)
Incident Response 133(3)
Initiate Recovery Mechanisms 136(1)
Review Preliminary Investigation Results 136(1)
Preventing Incidents 137(1)
Incident Notification 137(1)
Evidence Collection and Documentation 138(1)
Part 4: Issues 139(2)
Issues List 139(1)
Project Issues List Instructions 139(2)
Project Issues Log 141(1)
Part 5: Security Incidents 141(4)
Security Incidents Reporting 141(1)
Before an Incident Happens the Team Should 141(1)
After an Incident Happens 141(1)
Responding to a Security Incident 142(1)
Tips for Responding to Security Incidents 142(1)
Steps to Take during the Incident 142(1)
Responding to Security Violations 142(3)
Security Office Actions 143(2)
Chapter 7 Defect Management 145(26)
Introduction 145(1)
Part 1: Definition and Analysis 145(8)
Definitions 145(1)
Defect 145(1)
Definition of an Error 146(1)
Defect Repository 146(1)
What Causes Defects in Software 146(2)
Detecting a Defect Early 148(1)
What Is the Cost of Defects Not Being Detected Early? 148(2)
Defect Life Cycle Steps 150(1)
Step 1: Recognition or Identification 150(1)
Step 2: Investigation 150(1)
Step 3: Action 150(1)
Step 4: Disposition 151(1)
Objectives of Testing 151(1)
Reduce the Risk of Failure 151(1)
Reduce the Cost of Testing 151(1)
Analyze Root Causes 151(2)
Address Causes of Defects 152(1)
Institutionalize a Defined Process 152(1)
Implement the Action Proposals 153(1)
Part 2: Process and Methodology 153(1)
Defect Management Process 153(1)
Identifying 153(1)
Categorizing 153(1)
Prioritizing 153(1)
Assigning 154(1)
Resolving 154(1)
Verifying 154(1)
Closing 154(1)
Management Reporting 154(1)
Roles and Responsibilities in Software Development Life Cycle 154(9)
Business Owner 154(1)
Stakeholders 154(1)
Analyst 155(1)
Developer 155(1)
Tester 155(1)
Conflict Resolution and Escalations during Defect 155(1)
Defect Management Methodology 156(1)
Document Change Control 156(1)
Documentation 156(1)
Statement of Purpose 157(1)
Risks 157(1)
Defect Steps 157(1)
Defect States 158(2)
Defect Attributes 160(2)
Defect Priorities 162(1)
Defect Severities 162(1)
Part 3: Root Cause Analysis 163(8)
Definition 163(1)
Root Cause Fields 163(2)
Requirements 164(1)
Defect Cause in Requirement 164(1)
Incomplete/Missing 164(1)
Inconsistent 164(1)
Incorrect 164(1)
Not Traceable 164(1)
Not Testable 164(1)
Implementation Dependent 164(1)
Design 164(1)
Code 164(1)
Environment 165(1)
Test 165(1)
Data 165(1)
Analysis 165(1)
The Most Common Root Cause Classification 165(2)
Defect Prevention 167(3)
Benefits of Defect Prevention 167(3)
Defect Prediction 170(1)
Chapter 8 Risk, Vulnerability, And Threat Management 171(40)
Introduction 171(1)
Part 1: Risk Management 171(13)
Types of Risks 172(1)
Impact of Risk 173(1)
Dealing with Risk 173(1)
Risk Management Life Cycle 174(1)
Risk Identification 174(1)
Ten Effective Methods to Identify Risks 174(2)
Brainstorming 174(1)
Survey 175(1)
Interview 175(1)
Practical Experience and Understanding 175(1)
Research 176(1)
Potential Risk Lists 176(1)
Lessons Learned 176(1)
Risk-Oriented Analysis 176(1)
Design Template 176(1)
Risk Assessment 176(5)
What Is Risk Assessment? 177(1)
Risk Assessment Process 177(1)
Risk Assessment Involves Identified Risks 178(1)
Technology Risk Assessment and Mitigation (TRAM) (Sample) 178(1)
Business Risk 178(1)
Catastrophic (A) 179(1)
Critical (B) 179(1)
Moderate (C) 179(1)
Minor (D) 179(2)
Risk Assessment Matrix 181(1)
Negligible (E) 181(1)
Risk Response 181(2)
Avoid 181(1)
Transfer 181(1)
Reduce 182(1)
Accept 182(1)
Risk Mitigation 182(1)
Risk Contingency Plan 183(1)
Technology Contingency Plan (TCP) (Sample) 184(1)
Application Risk Questionnaire (ARQ) 184(1)
Project Risk Log 184(1)
Part 2: Vulnerability, Risk, and Threat Analysis 184(8)
Vulnerability and Risk 185(3)
Step 1: Determine What Is Being Protected and Why 185(1)
Sample Statement 186(1)
Step 2: Identify the System 186(1)
Step 3: Characterize System Operations 187(1)
Step 4: Ascertain What One Does and Does Not Have Control Over 187(1)
Vulnerability and Threat 188(1)
Definitions 188(1)
Four Levels of Threats 188(1)
Four Steps of Risk Assessment 189(3)
Step 1: Analysis Techniques Are Selected and Used 189(1)
Step 2: Identify Vulnerabilities, Their Type, Source, and Severity 190(1)
Step 3: Identify Threats, Their Type, Source, and Likelihood 190(1)
Step 4: Evaluate Transaction Paths, Threat Zones, and Risk Exposure 190(2)
Part 3: OCTAVE and Risk Management 192(5)
What Is OCTAVE? 192(2)
OCTAVE Phases 194(1)
Phase 1: Build Asset-Based Threat Profiles 194(1)
Phase 2: Identify Infrastructure Vulnerabilities 195(1)
Phase 3: Develop Security Strategy and Plans 195(1)
OCTAVE Way of Risk Management 195(2)
OCTAVE in Risk Management 196(1)
Appendix A—Sample 197(7)
Vulnerability/Risk Assessment 197(5)
For Pharmacy Handheld Technology 197(1)
Introduction 197(1)
Statement of Goals 197(1)
High-Level System Entity Control Analysis 197(3)
Vulnerability and Threat Analysis 200(2)
Physical Structure 202(2)
Virtual Private Network as a Risk 202(1)
The Major Strengths of Utilizing Internet-Based VPN Services 203(1)
Assumptions 203(1)
Appendix B 204(7)
Risk Factors Assumptions 204(7)
Investment Size 204(1)
Management Process Maturity 205(1)
Degree of Technical Risk 206(1)
Return Factors 206(1)
Conclusion 206(5)
Section IV Software Quality Expectation
Chapter 9 Information Security 211(66)
Introduction 211(1)
Part 1: Definition and Importance 211(13)
What Is Information Security? 211(2)
Difference between Privacy and Security 213(1)
Key Points on Information Security 213(1)
From What Threats Does Information Need to Be Secured? 213(4)
Cybercrime 213(1)
Types of Cybercrime 214(1)
Computer Virus 214(1)
Scam 215(1)
Money Laundering 215(1)
Phishing 215(2)
What Kind of Information Needs to Be Secured 217(2)
Some Examples of Recent Phishing 217(2)
Identity Theft 219(1)
Information That Is Considered Identity 220(1)
Social Security Numbers 220(1)
Date of Birth 220(1)
Current and Previous Addresses and Phone Numbers 220(1)
Current and Previous Employment Information 221(1)
Financial Account Information 221(1)
Mother's Maiden Name 221(1)
Other Personal Information 221(1)
Password for Nonfinancial Accounts 221(1)
Password for Financial Accounts 221(1)
Criminal Activities That Lead to Cybercrime 221(1)
Spyware 221(1)
Objective of Information Security 222(1)
Why Is Security Important? 222(2)
What Is the Benefit of Information Security? 224(1)
Part 2: Methodology 224(10)
The Strategy 224(1)
Security Standards 224(5)
ISO 15408 224(1)
Control Objectives for Information and (Related) Technology (COBIT) 225(1)
ISO 17799/BS7799 225(1)
COBIT 225(1)
OCTAVE 225(1)
ISO 15408 vs. ISO 17799 225(1)
Security Policy 225(1)
Organizational Security 226(1)
Asset Classification and Control 226(1)
Personnel Security 227(1)
Physical and Environmental Security 227(1)
Communications and Operations Management 228(1)
Access Control 229(1)
System Development and Maintenance 229(1)
Business Continuity Management 230(1)
Compliance 230(1)
Precautionary Guidelines 230(1)
Refrain from Giving Out Personal Information 231(1)
Storing Financial Records 231(1)
Use Firewall Programs 231(1)
Do Not Open Files Sent from an Unknown Source 231(1)
Use a Secure Browser 231(1)
Delete All Stored Personal Information 232(1)
Do Not Disclose Passwords to Anyone 232(1)
Beware of Phishing, Spoofing, and Spam Attempts 232(1)
COBIT Security Baseline 232(1)
Business Model Information Security 232(2)
The Broader Scope of InfoSec 234(2)
Operational Procedure for Doctor 234(1)
Operational Procedure for Pharmacy 235(1)
Common Information Security Criteria 236(23)
Operational Procedure for Patient 237(1)
Operation Procedure for Pharmacy Hub 237(1)
Operational Change Control 237(1)
Incident Management Procedure 238(1)
External Facilities Management 239(1)
System Planning and Acceptance 239(1)
Capacity Planning 239(1)
System Acceptance 239(1)
Protection against Malicious Software 240(1)
Control against Malicious Software 240(1)
Housekeeping 240(1)
Information Backup 240(1)
Operator Logs 241(1)
Fault Logging 241(1)
Network Management 241(1)
Network Controls 241(1)
Media Handling and Security 242(1)
Management of Removable Computer Media 242(1)
Disposal of Media 242(1)
Exchange of Information and Software 242(1)
Security of Media in Transit 243(1)
Electronic Commerce Security 243(1)
Security of Electronic Mail 243(1)
Business Requirement for Access Control 243(1)
Access Control Policy 243(1)
User Access Management 243(1)
User Registration 243(1)
Privilege Management 244(1)
User Password Management 244(1)
Review of User Access Rights 245(1)
User Responsibilities 245(1)
Network Access Control 246(2)
Policy on Use of Network Services 246(1)
Remote Diagnostic Port Protection 246(1)
Network Connection Control 247(1)
Operating System Access Control 248(1)
Automatic Terminal Identification 248(1)
Terminal Log-On Procedures 248(1)
User Identification and Authentication 248(1)
Password Management System 248(1)
Use of System Utilities 248(1)
Duress Alarm to Safeguard Users 248(1)
Terminal Time-Out 249(1)
Limitation of Connection Time 249(1)
Application Access Control 249(1)
Information Access Restriction 249(1)
Sensitive System Isolation 250(1)
Monitoring System Access and Use 250(1)
Event Logging 250(1)
Monitoring System Use 250(1)
Clock Synchronization 250(1)
Mobile Computing and Teleworking 250(1)
Mobile Computing 250(1)
Teleworking 251(1)
Security Requirements of Systems 251(1)
Security in Application Systems 251(1)
Data Validation 251(1)
Business Continuity Management 252(4)
Aspects of Business Continuity Management 252(1)
Primary Focus of the Plan 252(1)
Primary Objectives of the Plan 253(1)
Plan 253(1)
Personnel 254(1)
Salvage Operations at the Disaster Site 254(1)
Designate Recovery Site 254(1)
Purchase New Equipment 254(1)
Begin Reassembly at the Recovery Site 255(1)
Restore Data from Backups 255(1)
Restore Applications Data 255(1)
Move Back to Restored Permanent Facility 255(1)
Compliance 256(3)
Compliance with Legal Requirements 256(1)
Identification of Applicable Legislation 256(1)
Intellectual Property Rights 256(1)
Copyright 256(2)
Reviews of Security Policy and Technical Compliance 258(1)
System Audit Considerations 259(1)
System Audit Controls 259(1)
Protection of System Audit Tools 259(1)
Part 3: Security Policy Document 259(18)
Information Security Policy 260(2)
Board-Level Action 261(1)
Management-Level Action 262(1)
Organizational Security 262(2)
Information Security Infrastructure 262(1)
Management Information Security Forum 263(1)
Information Security Coordination 263(1)
Allocation of Information Security Responsibilities 263(1)
Authorization Process for Information Processing Facilities 263(1)
Specialist Information Security Advice 264(1)
Cooperation between Organizations 264(1)
Independent Review of Information Security 264(1)
Security of Third-Party Access 264(1)
Identification of Risks from Third-Party Access 264(1)
Types of Access 264(1)
Reasons for Access 265(1)
On-Site Contractors 265(1)
Security Requirements in Third-Party Contracts 265(1)
Outsourcing 265(1)
Security Requirements in Outsourcing Contracts 265(1)
Asset Classification and Control 265(1)
Accountability for Assets 265(1)
Inventory of Assets 266(1)
Information Classification 266(1)
Classification Guidelines 266(1)
Information Labeling and Handling 266(2)
Personnel Security 268(1)
Security in Job Definition 268(1)
Personnel Screening Policy 268(1)
Testing Employees 268(1)
Evaluate Key Job Behaviors 268(1)
Confidentiality Agreements 269(1)
Terms and Conditions for Employment 269(1)
User Training 270(1)
Information Security Education and Training 270(1)
Reporting Security Incidents 270(1)
Security Incidents Reporting Guideline 270(1)
Reporting Security Weaknesses 270(1)
Physical and Environmental Security 271(1)
Physical Security 271(1)
Physical Entry Control 271(1)
Securing Offices, Rooms, and Facilities 271(1)
Equipment Security 272(1)
Protect the System from Undesirable Booting 272(1)
Set Up Storage Protection for Backup Tapes 273(1)
Equipment Sitting and Protection 273(1)
Power Supplies 273(1)
Cabling Security 273(1)
Equipment Maintenance 273(1)
General Controls 273(1)
Clear Desk and Clear Screen Policy 273(1)
Removal of Property 274(1)
Communication and Operation Management 274(1)
Operational Procedure and Responsibilities 274(1)
Documented Operating Procedures 274(1)
Information Security Certification Procedure (Sample) 274(1)
Document Change Control Log 275(1)
Security Standards 276(1)
ISO 15408 276(1)
COBIT 276(1)
ISO 17799/BS7799 276(1)
OCTAVE 276(1)
Chapter 10 Information Audit 277(30)
Introduction 277(1)
Part 1: Definition and Planning 277(11)
Definition 277(2)
Audit Planning 279(2)
IT Audit Plan Development Process 281(1)
Role of Supporting Technologies 281(1)
Understanding the Business 282(1)
Operating Environment 282(1)
Details of the IT Audit 283(1)
Examining the Business Model 283(1)
Formalizing the IT Audit Plan 283(1)
Integration of the IT Audit Plan 284(1)
Validating the Audit Plan 284(1)
The IT Audit Plan Should Be Dynamic 284(1)
Ten Key IT Considerations for Internal Audit 284(1)
Responsibilities of IT Audit Team Members 285(1)
Lead Auditor 285(1)
Recorder 286(1)
Auditor 286(1)
Initiator 286(1)
Audited Organization 286(1)
Auditor's Qualifications 286(2)
Choosing an Auditor 286(1)
Auditor's Education 287(1)
Knowledge and Skills 287(1)
Experience 288(1)
Knowledge 288(1)
Talent 288(1)
Competence 288(1)
Part 2: Audit Process and Procedure 288(11)
Audit Process 289(1)
Audit Process Implementation 290(1)
Support for the Audit Process 290(1)
Procedures 290(5)
Management Preparation 290(1)
Verification of Quality Manual 291(1)
Verification of Implementation of the Quality Manual 291(2)
Sample Work Instructions 293(1)
Postimplementation Review 293(1)
Key Phase Review 294(1)
Project Management Methodology Assessment 294(1)
Privacy and Audit Management 295(1)
Five Key Focus Areas for Project Audits 295(4)
Business and IT Alignment 296(1)
Project Management 296(1)
IT Solution Readiness 297(1)
Solution Design 297(1)
Organizational and Process Change Management 297(1)
The Audit Report 298(1)
Part 3: Auditing and Information Security 299(8)
Defined and Planned Strategy 299(1)
Auditing Privacy Risks 299(1)
Auditing Data Categorization 300(1)
Auditing Law and Regulation Aspects 301(1)
Organization Threats 301(1)
Application Risks 301(1)
Business Process Risks 302(1)
Auditing IT Vulnerabilities 302(1)
Identifying Insignificant Vulnerability Management 302(1)
The Internal Auditor's Role About Information Security 303(1)
Vulnerability and Risk 303(1)
Persistent Auditing and Monitoring 304(3)
Suggested Readings 305(2)
Chapter 11 Software Reliability And Process Improvement 307(36)
Introduction 307(1)
Part 1: Definition and Measurement 307(2)
What Is Reliability? 307(1)
What Are Reliability Metrics? 307(1)
Classifications 307(1)
Standards Defining Reliability Measurement 308(1)
Selection of Measures 308(1)
Measures from IEEE 982.2 308(1)
Measurement-Based Assurance 309(19)
Criteria for Selection 309(1)
Sample Primitive Metrics 309(1)
Primitive Cost and Effort Metrics 310(1)
Primitive Change Metrics 310(1)
Software Requirements Metrics 310(1)
Requirements Size Metrics 310(1)
Requirements Traceability 310(1)
Completeness 311(1)
Fault-Days Number 311(1)
Software Design Metrics 311(1)
Primitive Size Metrics 312(1)
Primitive Fault Metrics 312(1)
Primitive Complexity Metrics 312(1)
Defect Density 312(1)
Test-Related Primitives 313(1)
Code Metrics 313(1)
Cyclomatic Complexity (C) 313(1)
Amount of Data 314(1)
Live Variables 314(1)
Test Metrics 314(1)
Fault Density 314(1)
Defect Age 315(1)
Defect Response Time 315(1)
Defect Cost 315(1)
Defect Removal Efficiency 315(1)
Primitive Test Case Metrics 316(1)
Statement Coverage 316(1)
Branch Coverage 316(1)
Path Coverage 316(1)
Data Flow Coverage 316(1)
Test Coverage 316(1)
Mean Time to Failure 317(1)
Failure Rate 317(1)
Cumulative Failure Profile 317(1)
Customer Ratings 318(1)
Customer Service Metrics 318(1)
Making Reliability Metrics Meaningful 318(1)
Standards Defining Software Measurement 318(2)
Productivity Metrics: IEEE 1045 319(1)
Software Reliability: IEEE 982 319(1)
Quality Metrics Methodology 320(1)
IEEE 1061-1992 320(1)
Software Reliability Measurement 321(1)
What Is a Model? 321(1)
Qualities of a Good Model 321(1)
The Importance of Data 321(1)
Metrics and Models 322(1)
Model Development and Independent Metrics 322(1)
The Issue of Availability 322(1)
Data Retention and Use 322(1)
Validity 323(1)
Software Reliability Estimation 323(1)
CMMs: The Software Engineering Institute's Capability Maturity Model 323(1)
Maturity Levels 323(2)
Initial 324(1)
Repeatable 324(1)
Defined 324(1)
Managed 324(1)
Optimized 324(1)
Common Features 325(1)
CMMI 325(1)
Staged Representation 325(1)
Continuous Representation 325(1)
Disciplines and Environments 326(1)
CMMI Application 326(1)
Maturity Levels 326(1)
Process Areas 326(1)
Level Three Process Areas 327(1)
Level Four Process Areas 327(1)
Level Five Process Areas 327(1)
IDEAL 327(1)
Part 2: Software Process Improvement and Capability Determination (SPICE) 328(12)
ISO 15504 and Management 328(1)
The Assessment Process 328(1)
The Reference Model 328(1)
The Capability Dimension 329(1)
The Engineering Process Category 329(1)
The Project Process Category 330(1)
The Support Process Category 330(1)
The Organization Process Category 330(1)
ISO/IEC 15288 Processes 330(2)
ISO 15288 Relation to Other Frameworks 331(1)
Personal and Team Approaches 332(1)
PSP and TSP to CMM 332(1)
The PSP Process Structure 333(1)
PSP Quality Management 333(1)
Early Defect Removal 333(1)
Defect Prevention 334(1)
PSP Project Plan Summary 334(1)
Outcomes of the Process 335(1)
The Team Software Process 335(1)
Definition 335(1)
The TSP Team Working Process 336(2)
What Does TSP Do for Software? 337(1)
Measurement 337(1)
Application 338(1)
TSP Quality Management 338(1)
The Quality Plan 338(1)
Identifying Quality Problems 339(1)
Finding and Preventing Quality Problems 339(1)
Relationship of PSP and TSP to CMM 339(1)
Appendix 340(3)
Software Process Improvement 340(1)
Introduction 340(1)
Purpose 340(1)
Scope 340(1)
Assumptions 341(1)
Constraints 341(1)
Compliance 341(1)
Acronyms and References 341(2)
Acronyms 341(1)
Organization and References 342(1)
Index 343
Abu Sayed Mahfuz, ITIL, MIS, MA, has over 15 years of experience in the business and information technology profession, including roles as database manager, technology manager, software quality lead, and technology instructor in several prestigious multinational companies. He is a distinguished trainer, speaker, and book author. Mr. Mahfuz earned his master's degree in computer and information systems from the University of Detroit Mercy and two other master's degrees from Malaysia and Bangladesh. He also holds ITIL Foundation certification and several software quality, cybersecurity, and phishing-related internal certifications from Hewlett Packard.