Int. J. Syst. Softw. Secur. Prot.: Latest Articles

Opinions of the Software and Supply Chain Assurance Forum on Education, Training, and Certifications
Int. J. Syst. Softw. Secur. Prot. Pub Date : 2018-04-01 DOI: 10.4018/IJSSSP.2018040101
Beatrix Boyens
Abstract: This article provides an overview of discussions held at the Software and Supply Chain Assurance (SSCA) forum held May 1-2, 2018, in McLean, Virginia. The two-day event focused on education and training for software assurance (SwA) and Cyber-Supply Chain Risk Management (C-SCRM). Attendees discussed questions such as “What are some challenges facing industry, academia, and government organizations in this area?” “Who needs education or training?” “What needs to be taught?” and “What strategies do or do not work?” Discussions related to the current environment, hiring and retaining qualified employees, defining roles and responsibilities, and the knowledge, skills, and abilities (KSAs) that are most in-demand.
Citations: 0
A Case for Using Blended Learning and Development Techniques to Aid the Delivery of a UK Cybersecurity Core Body of Knowledge
Int. J. Syst. Softw. Secur. Prot. Pub Date : 2018-04-01 DOI: 10.4018/IJSSSP.2018040103
D. Bird, J. Curry
Abstract: This article explores the UK's current approach in addressing the cybersecurity skills gap championed by the National Cyber Security Strategy. There have been progressive and elaborate steps taken in the UK toward professionalization of the cybersecurity field. However, cybersecurity knowledge has been labelled as inconsistent when a cybersecurity Chartered status is being proposed. The objective of this analysis was to apply an academic lens over the UK's voyage towards the establishment of a cybersecurity profession. It has been an ambitious but complex endeavor that at times has had alterations of course. Learning from this experience, a blended learning and development approach is now recommended underpinned by an overarching core knowledge framework. Such a framework could join up the existing silos of learning and development activities to benefit from, and build upon, a coherent core knowledge-base for the community. It is argued that this will provide a more satisfactory outcome to enhance the UK's cybersecurity capability on the road to a cybersecurity profession.
Citations: 0
Enhancing a SCRM Curriculum With Cybersecurity
Int. J. Syst. Softw. Secur. Prot. Pub Date : 2018-04-01 DOI: 10.4018/IJSSSP.2018040104
W. A. Conklin, C. Bronk
Abstract: Supply chain-related curricula exist across many universities, with many including risk management as an important or focal element. With the rise of software-driven technology across the supply chain, how can firms manage the inherent risks associated with software as part of a procurement process? This article examines how to provide context-appropriate cybersecurity exemplars in a model supply chain education program, bringing to light the issue of embedded risk in software acquisition. Through a series of specifically placed educational elements that provide targeted cybersecurity knowledge to students, the objective is to provide additional skill sets for future supply chain professionals to assist firms in including software-related cybersecurity risk as a component in SCRM.
Citations: 1
Fitting Security into Agile Software Development
Int. J. Syst. Softw. Secur. Prot. Pub Date : 1900-01-01 DOI: 10.4018/IJSSSP.2018010103
Kalle Rindell, S. Hyrynsalmi, V. Leppänen
Abstract: Security objectives in software development are increasingly convergent with the business objectives, as requirements for privacy and the cost of security incidents call for more dependable software products. The development of secure software is accomplished by augmenting the software development process with specific security engineering activities. Security engineering, in contrast to the iterative and incremental software development processes, is characterized by sequential life cycle models: the security objectives are thus to be achieved by conflicting approaches. In this study, to identify the incompatibilities between the approaches, the security engineering activities from Microsoft SDL, the ISO Common Criteria and OWASP SAMM security engineering models are mapped into common agile software development processes, practices and artifacts.
Citations: 3
Weaving Security into DevOps Practices in Highly Regulated Environments
Int. J. Syst. Softw. Secur. Prot. Pub Date : 1900-01-01 DOI: 10.4018/IJSSSP.2018010102
J. Morales, Hasan Yasar, A. Volkmann
Abstract: In this article, the authors discuss enhancing a DevOps implementation in a highly regulated environment (HRE) with security principles. DevOps has become a standard option for entities seeking to streamline and increase participation by all stakeholders in their Software Development Lifecycle (SDLC). For a large portion of industry, academia, and government, applying DevOps is a straightforward process. There is, however, a subset of entities in these three sectors where applying DevOps can be very challenging. These are entities mandated by security policies to conduct all, or a portion, of their SDLC activities in an HRE. Often, the reason for an HRE is protection of intellectual property and proprietary tools, methods, and techniques. Even if an entity is functioning in a highly regulated environment, its SDLC can still benefit from implementing DevOps as long as the implementation conforms to all imposed policies. A benefit of an HRE is the existence of security policies that belong in a secure DevOps implementation. Layering an existing DevOps implementation with security will benefit the HRE as a whole. This work is based on the authors' extensive experience in assessing and implementing DevOps across a diverse set of HREs. First, they extensively discuss the process of performing a DevOps assessment and implementation in an HRE. They follow this with a discussion of the needed security principles a DevOps-enhanced SDLC should include. For each security principle, the authors discuss their importance to the SDLC and their appropriate placement within a DevOps implementation. They refer to a security-enhanced DevOps implementation in an HRE as HRE-DevSecOps.
Citations: 4
Challenges and Solutions for Addressing Software Security in Agile Software Development: A Literature Review and Rigor and Relevance Assessment
Int. J. Syst. Softw. Secur. Prot. Pub Date : 1900-01-01 DOI: 10.4018/IJSSSP.2018010101
Ronald Jabangwe, Kati Kuusinen, K. R. Riisom, M. S. Hubel, H. M. Alradhi, Niels Bonde Nielsen
Citations: 0