Building Security into the Business Acquisition Process

Abstract

This article presents the standard process for acquiring software products and services in business. It is based on the recommendations of the Agreement processes specified by the IEEE 12207 Standard. This standard presents the commonly accepted practices for ensuring a well-defined and persistent assurance process for acquired software. With the help of 12207, it is possible to integrate best practice in acquisition and supply into a single uniform approach. That approach will guarantee that security considerations will be a central part of product selection, monitoring, and acceptance. The ensuing set of policies and procedures provides rational control over all aspects of the process of securing acquired products. Properly followed, they will ensure an adequately secure software deliverable.

Document Details

Document Type: Technical Report
Publication Date: Jun 01, 2007
Accession Number: AD1171117

Entities

People

  • Dan Shoemaker

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • Human Systems

DTIC Thesaurus Topics

  • Acquisition
  • Application Software
  • Best Practices
  • Business Administration
  • Commerce
  • Configuration Management
  • Contractors
  • Contracts
  • Engineering
  • Guarantees
  • Homeland Security
  • Information Systems
  • Law
  • Life Cycles
  • Management Personnel
  • Organizational Structure
  • Personnel Management
  • Project Management
  • Software Development
  • Standards
  • Test And Evaluation

Readers

  • Software Engineering
  • Strategic Security Studies