Software Quality Assurance Integrating Testing, Security, and Audit

Software Quality Assurance: Integrating Testing, Security, and Audit focuses on the importance of software quality and security. It defines various types of testing, recognizes factors that propose value to software quality, and provides theoretical and real-world scenarios that offer value and contribute quality to projects and applications. The practical synopsis on common testing tools helps readers who are in testing jobs or those interested in pursuing careers as testers. It also helps test leaders, test managers, and others who are involved in planning, estimating, executing, and maintaining software. The book is divided into four sections: The first section addresses the basic concepts of software quality, validation and verification, and audits. It covers the major areas of software management, software life cycle, and life cycle processes. The second section is about testing. It discusses test plans and strategy and introduces a step-by-step test design process along with a sample test case. It also examines what a tester or test lead needs to do before and during test execution and how to report after completing the test execution. The third section deals with security breaches and defects that may occur. It discusses documentation and classification of incidences as well as how to handle an occurrence. The fourth and final section provides examples of security issues along with a security policy document and addresses the planning aspects of an information audit. This section also discusses the definition, measurement, and metrics of reliability based on standards and quality metrics methodology CMM models. It discusses the ISO 15504 standard, CMMs, PSP, and TSP and includes an appendix containing a software process improvement sample document.

CONCEPTQuality Concept and PerspectivesIntroductionSoftware Quality ConceptSoftware Quality CharacteristicsISO/IEC 9126Control Objectives for Information and Related Technology (COBIT)Validation and VerificationReviews and AuditManagement and ProcessIntroductionSoftware ManagementSoftware Life Cycle ModelsLife Cycle ProcessesTESTINGTesting: Concept and DefinitionIntroductionTesting in the Software Life CycleRequirementsSoftware Testing Life CycleKinds/Types of TestingSuggested ReadingsTesting: Plan and DesignIntroductionPlan and StrategyTest PlanTest ToolsTest ScopeTest Approach and StagesTest ScheduleDefect Reporting and TrackingRoles and ResponsibilitiesReference DocumentsTesting EstimationLessons LearnedTest Design FactorsTest Case Specification and DesignTest: Execution and ReportingIntroductionStarting Test ExecutionTest Result ReportingView and Analyze Test ResultsCHALLENGESIncident ManagementIntroductionOverview on Incident ManagementWhy Incident Management Is ImportantIdentificationInvestigation and AnalysisResponse and RecoveryIssuesSecurity IncidentsDefect ManagementIntroductionDefinition and AnalysisProcess and MethodologyRoot Cause AnalysisDefect PreventionRisk Vulnerability and Threat ManagementIntroductionRisk ManagementVulnerability, Risk, and Threat AnalysisRisk Management Life CycleEffective methods to identify RisksRisk Assessment MatrixRisk Response StrategyRisk Assessment & Contingency PlanVulnerability Risk and Threat AnalysisOCTAVE and Risk ManagementAppendix A: SampleAppendix B: Risk FactorsSOFTWARE QUALITY EXPECTATIONInformation SecurityIntroductionDefinition and ImportanceMethodologySecurity Policy DocumentInformation AuditIntroductionDefinition and PlanningAudit Process and ProcedureAuditing and Information SecuritySoftware Reliability and Process ImprovementIntroductionDefinition and MeasurementMeasurement-Based AssuranceQuality Metrics Methodology Software Reliability Measurement & EstimationCMMs The Capability Maturity Model SEI/CMMSoftware Process Improvement and Capability Determination (SPICE)Appendix: Software Process Improvement

Abu Sayed Mahfuz, ITIL, MIS, MA, has over 15 years of experience in the business and information technology profession, including database manager, technology manager, software quality lead, and technology instruction in several prestigious multinational companies. He is a distinguished trainer, speaker, and book author. Mr. Mahfuz earned his master’s degree in computer and information systems from the University of Detroit Mercy and two other master’s degrees from Malaysia and Bangladesh. He also holds ITIL Foundation certification and several software quality, cyber security, and phishing related internal certifications from Hewlett Packard.