Software Assurance for Executives Course Materials

As connectivity grows, we must consider the large-scale, highly networked, software-dependent systems upon which all of our critical infrastructure relies—from phones to power, to water, to industries such as banking, medicine, and retail. Software assurance—confidence that software is free from vulnerabilities and functions as intended—is the term used to describe this context.

Video Modules

The Software Assurance for Executives video modules begin with a discussion of software assurance challenges and then present resources and methods available to address software assurance in development and acquisition. These modules will give executives and managers a better understanding of software assurance challenges, development and acquisition assurance, mission assurance, the Microsoft Security Push and the Microsoft Secure Development Lifecycle, threat modeling, and assurance issues in cloud computing, sustainment, governance, and standards in support of software assurance. Read more about the videos.

Slide Sets

The Software Assurance for Executives slide sets provide information for managers and executives and include information on topics throughout the software assurance lifecycle.

Overview of Videos and Slide Sets

See the outline below for a listing of the included materials.

Videos

Software Assurance Challenges

  • Interview with William Scherlis: Introduction and Background
  • Software Assurance Challenges
  • Encouraging Adoption of Software Assurance Practices Through People and Incentives
  • The Path Toward Software Assurance: Advice for Organizations
  • Learning from Failure
  • The Future of Software Assurance

Adopting Software Trustworthiness

  • Introduction, History, and Current State of Software
  • Trustworthy Software
  • The UK Trustworthy Software Initiative (TSI)
  • Trustworthy Software Framework
  • Current Focus and Future Direction of UK TSI
  • Questions and Answers

Software & Supply Chain Assurance: Enabling Enterprise Resilience through Security Automation, Software Assurance, and Supply Chain Risk Management

  • Introduction, Current Software Assurance Activities by DHS, and Current Software Assurance Environment
  • Managing Risks in a Connected World
  • A Need for Diagnostic Capabilities and Standards
  • Changing Behavior: Resources
  • Establishing a Foundation for Software Assurance
  • Conclusion: The Rugged Manifesto and Challenge

Software Assurance for Development

  • Introduction to Software Assurance, Part 2
  • Building Security In
  • Microsoft Secure Development Lifecycle (MS SDL)
  • Requirements Engineering
  • Security Requirements Methods
  • Threat Modeling: STRIDE (used by Microsoft)
  • Industry Case Study in Threat Modeling: Ford Motor Company
  • Topic Summary

The Security Development Lifecycle

  • Creating and Selling the Security Development Lifecycle (SDL)
  • Managing the Process
  • Making a Difference

Software Assurance: Mission Assurance

  • Software Assurance, Introduction to 3: Mission Assurance
  • What Does Mission Failure Look Like?
  • Mission Thread Analysis for Assurance
  • Applying Mission Thread Analysis Example 1
  • Applying Mission Thread Analysis Example 2
  • Applying Mission Thread Analysis

Software Assurance for Acquisition

  • Software Assurance, Introduction to Part 4: SwA for Acquisition
  • Software Supply Chain Challenges
  • Supply Chain Risk Mitigations for Products
  • System Supply Chains
  • SCRM Standards
  • Summary

Software Assurance Introduction

  • Introduction to Software Assurance
  • Software Assurance Landscape
  • Software Assurance Principles
  • Current Software Realities

Agile 101 for Executives

  • Introduction and Key Components of Agile Development
  • Traditional & Agile Acquisition Life Cycle
  • Common Agile Methods and Scrum—the Most Adopted Agile Method
  • Challenges to Agile Adoption
  • Suggestions for Successful Use of Agile Methods in DHS Acquisition
  • Summary

Insider Threats in the Cloud

  • Insider Threats in the Cloud: Background and Introduction
  • Types of Threats
  • Protecting Against Malicious Insiders
  • Future Threats
  • Questions and Answers

The Insider Threat: Lessons Learned from Actual Attacks

  • Insider Threat: Background and Introduction
  • Real Cases of Insider Threat
  • Mitigation Strategies, Short Term Solutions, Long Term Solutions
  • Resources, Questions

Software Assurance in the Software Development Process and Supply Chain

  • Software Assurance in the Software Development Process and Supply Chain: Introduction
  • Scope of the Problem
  • Governance for System and Software Assurance
  • Strategy Solutions: System Security Engineering, Software Sustainment
  • Process Solutions

Software Assurance: Incorporate Risk Analysis Early in the Acquisition Life Cycle

  • Introduction
  • Threats, Threat Modeling, and the NIST Risk Management Framework
  • Interactions Between Requirements and Threat Modeling
  • A Threat Analysis Example
  • Summary 

Slide Sets

  • An Assurance Ecosystem
  • Basic Concepts of Security
  • Basic Concepts Vul-Risk-Threat-Attacks
  • BSIMM3
  • Cloud Computing Basics
  • Everything Is Data
  • Foundations for Software Assurance
  • Implementation Strategy
  • Information Assurance Policy Governs Actions
  • Introduction to A-SQUARE
  • Microsoft Security Development LC [Life Cycle] Basics
  • Mission Risk Diagnostic
  • Mission Thread Analysis
  • Mission Thread Analysis Application
  • Mission Thread Analysis Lessons Learned
  • Mobile Devices and Removable Media
  • NIST Security Control Publications
  • Principles of Software Assurance
  • Requirements Engineering
  • Risk-Based Measurement Analysis
  • Risk Management
  • Risk Management Overview
  • Software Assurance Challenges
  • Software Assurance Guiding Principles
  • Software Assurance: Incorporate Security Early in Acquisitions
  • Software Assurance Lifecycle Models
  • Software Assurance Practices
  • SQUARE
  • Standard Driver Sets
  • SwA Acquisition Background
  • Two Approaches for Analyzing Risk
  • Why Care About Mission Threads?
  • What Does Mission Failure Look Like?

Access the Materials

Two different outlines of the materials for the Software Assurance for Executives course allows you access to the materials after agreeing to the restrictions for use.

 

Other resources are available to faculty who wish to build their courseware and curricula from our research and materials.