This course covers the fundamentals of establishing a required level of software and system assurance, applying methods and determining measures to assess whether the required level of assurance has been achieved. Topics include assessment methods; defining product measures, process measures and other performance indicators; measurement processes and frameworks; performance indicators for business survivability and continuity; and comparing selected measures to determine whether the software/system meets its required level of assurance. These fundamentals are applied to newly developed software and systems as well as during the acquisition of software and services.
- Establishment and specification of the required/desired level of assurance for a specific software application, set of applications, or a software-reliant system (3.1.1)
- Assessment methods: validation of security requirements, risk analysis, threat analysis, vulnerability assessments/scans, and assurance cases. Knowledge of methods used to determine whether the software/system being assessed is sufficiently secure within tolerances (3.1.2)
- Definition and development of key product and process measurements (and additional performance indicators) that can be used to validate the required level of software assurance appropriate to a given life-cycle phase (3.2.1, 3.2.2)
- Measurement processes and frameworks and their use in process/practice assessment and in software assurance integration into software development life cycle (SDLC) phases. (3.2.3)
- Definition and development of performance indicators that address a system’s ability to meet business survivability and operational continuity requirements, to the extent they are affected by the software (3.2.4)
- Assessment of key product and process measures and performance indicators to determine whether they are within tolerance when compared to the defined baseline (3.3.1)
- Identification of measures that are out of tolerance when compared to the defined baselines. This topic also covers the development of actions needed to reduce the variance. (3.3.2)
If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.