Software Security Engineering: A Guide for Project Managers

By Julia H. Allen, et al.; Reviewed by Col. Kuljeet Singh, CPP

***** Software Security Engineering. By Julia H. Allen, et al.; published by Addison-Wesley Professional, www.informit.com (Web); 368 pages; $49.99.

Part of Addison-Wesley’s Software Security Series, this innovative book is a welcome departure from conventional IT security texts. It examines an array of methods for protecting enterprise software throughout its useful life, demonstrating how to create security-enabled software.

To succeed in securing software, the authors rightly argue that project managers and their software engineers must think like hackers; doing so will help them determine how software can better resist, tolerate, and absorb attacks. The enterprise must also consider the possibility that an attack will succeed and plan for the system’s recovery in advance.

The authors emphasize that all software is riddled with security flaws. Administrators must analyze how a program is used, the conditions under which it is used, and the security requirements it must meet. Security efforts should follow a risk management approach to identify priorities and determine which measures are adequate, understanding that software security risks will change throughout the software development life cycle.

The book is full of graphic representations, including tables, figures, charts, and information boxes. It also features a thorough glossary. Links to a host of relevant downloadable documents, provided through the U.S. Department of Homeland Security’s Software Assurance Program, are listed throughout the book.

Software Security Engineering is a must-read guide for project managers at all levels of the security profession. Additionally, it may appeal to a larger audience, including a subset of security experts and practitioners such as consultants, advisors, and trainers.


Reviewer: Col. Kuljeet Singh, CPP, is chief technical consultant and security advisor for The Wright Group, Inc., in Anaheim, California, and ACSI, Inc. He is a member of ASIS International.
