System Assurance: Beyond Detecting Vulnerabilities
We literally wrote the book on cyber security
Authored by KDM Analytics’ CEO Djenana Campara and CTO Dr. Nikolai Mansourov, System Assurance: Beyond Detecting Vulnerabilities provides a comprehensive view of systematic, repeatable, and affordable cyber defense.
System Assurance: Beyond Detecting Vulnerabilities goes beyond providing knowledge of vulnerabilities to include knowledge of the system, risks and threats, and security safeguards. It also provides the assurance argument, together with the corresponding evidence, to answer the question: why is a system secure?
The book is organized into four parts:
- An introduction to cybersecurity knowledge; the need for information exchanges for systematic, repeatable, and affordable cyber defense; and the motivation for the Object Management Group (OMG) Software Assurance Ecosystem. It discusses the nature of system assurance and how it differs from vulnerability detection, and introduces the OMG standard on Software Assurance Cases. It describes an end-to-end methodology for system assurance in the context of the OMG Software Assurance Ecosystem that brings together risk analysis, architecture analysis, and code analysis in an integrated process that is guided and planned by the assurance argument.
- Description of the various aspects of cybersecurity knowledge required for building cybersecurity arguments. This knowledge includes system knowledge, knowledge related to security threats and risks, and vulnerability knowledge.
- An overview of the protocols of the OMG Software Assurance Ecosystem. It covers the Common Fact Model approach; linguistic models and the OMG Semantics of Business Vocabularies and Rules (SBVR) standard; and the OMG Knowledge Discovery Metamodel (KDM).
- A case study to illustrate some of the activities of a system assurance evaluation.
This book is a must-have reference for cyber security experts:
- It provides an end-to-end methodology for systematic, repeatable, and affordable System Assurance.
- It includes an overview of the OMG Software Assurance Ecosystem protocols that integrate risk, architecture and code analysis, guided by the assurance argument.
- It also provides a case study illustrating the steps of the System Assurance Methodology using automated tools.