This course covers the fundamentals of establishing a required level of software and system assurance, applying methods and determining measures to assess whether the required level of assurance has been achieved. Topics include assessment methods; defining product measures, process measures and other performance indicators; measurement processes and frameworks; performance indicators for business survivability and continuity; and comparing selected measures to determine whether the software/system meets its required level of assurance. These fundamentals are applied to newly developed software and systems as well as during the acquisition of software and services.
Learning Objectives
- Establishment and specification of the required/desired level of assurance for a specific software application, set of applications, or a software-reliant system (3.1.1)
- Assessment methods: validation of security requirements, risk analysis, threat analysis, vulnerability assessments/scans, and assurance cases. Knowledge of methods used to determine whether the software/system being assessed is sufficiently secure within tolerances (3.1.2)
- Definition and development of key product and process measurements (and additional performance indicators) that can be used to validate the required level of software assurance appropriate to a given life-cycle phase (3.2.1, 3.2.2)
- Measurement processes and frameworks and their use in process/practice assessment and in software assurance integration into software development life cycle (SDLC) phases. (3.2.3)
- Definition and development of performance indicators that address a system’s ability to meet business survivability and operational continuity requirements, to the extent they are affected by the software (3.2.4)
- Assessment of key product and process measures and performance indicators to determine whether they are within tolerance when compared to the defined baseline (3.3.1)
- Identification of measures that are out of tolerance when compared to the defined baselines. This topic also covers the development of actions needed to reduce the variance. (3.3.2)