Bibliothèque de L'IMIST/CNRST

Includes bibliographical references (pages 421-433) and index.

Architecture and Security -- Architecture Reviews -- Software Process -- Reviews and the Software Development Cycle -- Software Process and Architecture Models -- Kruchten's 4+1 View Model -- The Reference Model for Open Distributed Processing -- Rational's Unified Process -- Software Process and Security -- Architecture Review of a System -- The Architecture Document -- The Introduction Section -- Sections of the Architecture Document -- The Architecture Review Report -- Security Assessments -- What Is a Security Assessment? -- The Organizational Viewpoint -- The Five-Level Compliance Model -- The System Viewpoint -- Pre-Assessment Preparation -- The Security Assessment Meeting -- Security Assessment Balance Sheet Model -- Describe the Application Security Process -- Identify Assets -- Identify Vulnerabilities and Threats -- Identify Potential Risks -- Examples of Threats and Countermeasures -- Post-Assessment Activities -- Why Are Assessments So Hard? -- Matching Cost Against Value -- Why Assessments Are Like the Knapsack Problem -- Why Assessments Are Not Like the Knapsack Problem -- Enterprise Security and Low Amoritized Cost Security Controls -- Security Architecture Basics -- Security As an Architectural Goal -- Corporate Security Policy and Architecture -- Vendor Bashing for Fun and Profit -- Security and Software Architecture -- System Security Architecture Definitions -- Security and Software Process -- Security Design Forces against Other Goals -- Security Principles -- Additional Security-Related Properties.

Tackling security architecture from a software engineering perspective With the growth of the Internet, computer security is rapidly becoming a critical business concern. In turn, as security becomes the responsibility of all IT professionals, companies must rethink the way software is built to have confidence that their mission-critical applications are protected and the privacy and integrity of their data is maintained. In this groundbreaking book, Jay Ramachandran, a security expert with AT & T's renowned Network Services organization, explores system security architecture from a software e.