You may have to Search all our reviewed books and magazines, click the sign up button below to create a free account.
Most organizations rely on complex enterprise information systems (EISs) to codify their business practices and collect, process, and analyze business data. These EISs are large, heterogeneous, distributed, constantly evolving, dynamic, long-lived, and mission critical. In other words, they are a complicated system of systems. As features are added to an EIS, new technologies and components are selected and integrated. In many ways, these information systems are to an enterprise what a brain is to the higher species--a complex, poorly understood mass upon which the organism relies for its very existence. To optimize business value, these large, complex systems must be modernized--but where does one begin? This book uses an extensive real-world case study (based on the modernization of a thirty year old retail system) to show how modernizing legacy systems can deliver significant business value to any organization.
Learn the Root Causes of Software Vulnerabilities and How to Avoid Them Commonly exploited software vulnerabilities are usually caused by avoidable software defects. Having analyzed tens of thousands of vulnerability reports since 1988, CERT has determined that a relatively small number of root causes account for most of the vulnerabilities. Secure Coding in C and C++, Second Edition, identifies and explains these root causes and shows the steps that can be taken to prevent exploitation. Moreover, this book encourages programmers to adopt security best practices and to develop a security mindset that can help protect software from tomorrow’s attacks, not just today’s. Drawing on the CERT...
Software is more than a set of instructions for computers: it enables (and disables) political imperatives and policies. Nowhere is the potential for radical social and political change more apparent than in the practice and movement known as "free software." Free software makes the knowledge and innovation of its creators publicly available. This liberation of code—celebrated in free software’s explicatory slogan "Think free speech, not free beer"—is the foundation, for example, of the Linux phenomenon. Decoding Liberation provides a synoptic perspective on the relationships between free software and freedom. Focusing on five main themes—the emancipatory potential of technology, social liberties, the facilitation of creativity, the objectivity of computing as scientific practice, and the role of software in a cyborg world—the authors ask: What are the freedoms of free software, and how are they manifested? This book is essential reading for anyone interested in understanding how free software promises to transform not only technology but society as well.
Open Source Systems Security Certification discusses Security Certification Standards and establishes the need to certify open source tools and applications. This includes the international standard for the certification of IT products (software, firmware and hardware) Common Criteria (ISO/IEC 15408) (CC 2006), a certification officially adopted by the governments of 18 nations. Without security certification, open source tools and applications are neither secure nor trustworthy. Open Source Systems Security Certification addresses and analyzes the urgency of security certification for security-sensible markets, such as telecommunications, government and the military, through provided case studies. This volume is designed for professionals and companies trying to implement an Open Source Systems (OSS) aware IT governance strategy, and SMEs looking to attract new markets traditionally held by proprietary products or to reduce costs. This book is also suitable for researchers and advanced-level students.
Cyber-physical systems (CPSs) consist of software-controlled computing devices communicating with each other and interacting with the physical world through sensors and actuators. Because most of the functionality of a CPS is implemented in software, the software is of crucial importance for the safety and security of the CPS. This book presents principle-based engineering for the development and operation of dependable software. The knowledge in this book addresses organizations that want to strengthen their methodologies to build safe and secure software for mission-critical cyber-physical systems. The book: • Presents a successful strategy for the management of vulnerabilities, threats, and failures in mission-critical cyber-physical systems; • Offers deep practical insight into principle-based software development (62 principles are introduced and cataloged into five categories: Business & organization, general principles, safety, security, and risk management principles); • Provides direct guidance on architecting and operating dependable cyber-physical systems for software managers and architects.
Reduce risk and improve the overall performance of IT assets! Federal IT Capital Planning and Investment Control is the first book to provide a comprehensive look at the IT capital planning and investment control (CPIC) process. Written from a practitioner's perspective, this book covers a range of topics designed to provide both strategic and operational perspectives on IT CPIC. From planning to evaluation, this valuable resource helps managers and analysts at all levels realize the full benefits of the CPIC process. •Explore the full range of IT investment principles and practices •Learn CPIC project management techniques including earned-value management, integrated baseline review, cost-benefit analysis, and risk-adjusted cost and schedule estimates •Identify strategies to improve how your organization manages its IT portfolio and selects, controls, and evaluates investments •Discover how to leverage scarce IT resources and align investments with program priorities •Benefit from the in-depth coverage—excellent for the experienced as well as those new to the CPIC process
TSPi overview; The logic of the team software process; The TSPi process; The team roles; Using the TSPi; Teamwork.
“At Cisco, we have adopted the CERT C Coding Standard as the internal secure coding standard for all C developers. It is a core component of our secure development lifecycle. The coding standard described in this book breaks down complex software security topics into easy-to-follow rules with excellent real-world examples. It is an essential reference for any developer who wishes to write secure and resilient software in C and C++.” —Edward D. Paradise, vice president, engineering, threat response, intelligence, and development, Cisco Systems Secure programming in C can be more difficult than even many experienced programmers realize. To help programmers write more secure code, The CER...
“A must-read for all Java developers. . . . Every developer has a responsibility to author code that is free of significant security vulnerabilities. This book provides realistic guidance to help Java developers implement desired functionality with security, reliability, and maintainability goals in mind.” –Mary Ann Davidson, Chief Security Officer, Oracle Corporation Organizations worldwide rely on Java code to perform mission-critical tasks, and therefore that code must be reliable, robust, fast, maintainable, and secure. JavaTM Coding Guidelines brings together expert guidelines, recommendations, and code examples to help you meet these demands. Written by the same team that brought...
Examines what's new and updated in BPMN 2.0 and look at interchange, best practice, analytics, conformance, optimization, choreography from a technical perspective. Also addresses the business imperative for widespred adoption of the standard by examining best practice guidelines, BPMN busines strategy and the human interface including real-life case studies. Other chapters tackle the practical aspects of making BPMN model executable and the basic time-line analysis of a BPMN model.