SEI Series in Software Engineering – serie

CMMI® for Services (CMMI-SVC) is a comprehensive set of guidelines to help organizations establish and improve processes for delivering services. By adapting and extending proven standards and best practices to reflect the unique challenges faced in service industries, CMMI-SVC offers providers a practical and focused framework for achieving higher levels of service quality, controlling costs, improving schedules, and ensuring user satisfaction. A member of the newest CMMI model, CMMI-SVC Version 1.3, reflects changes to the model made for all constellations, including clarifications of high-maturity practices, alignment of the sixteen core process areas, and improvements in the SCAMPI appraisal method.

The indispensable CMMI® for Services, Second Edition, is both an introduction to the CMMI-SVC model and an authoritative reference for it. The contents include the complete model itself, formatted for quick reference. In addition, the book’s authors have refined the model’s introductory chapters; provided marginal notes to clarify the nature of particular process areas and to show why their practices are valuable; and inserted longer sidebars to explain important concepts. Brief essays by people with experience in different application areas further illustrate how the model works in practice and what benefits it offers.

The book is divided into three parts.

Part One begins by thoroughly explaining CMMI-SVC, its concepts, and its use. The authors provide robust information about service concepts, including a discussion of lifecycles in service environments; outline how to start using CMMI-SVC; explore how to achieve process improvements that last; and offer insights into the relationships among process areas.

Part Two describes generic goals and practices, and then details the complete set of twenty-four CMMI-SVC process areas, including specific goals, specific practices, and examples. The process areas are organized alphabetically by acronym and are tabbed for easy reference.

Part Three contains several useful resources, including CMMI-SVC-related references, acronym definitions, a glossary of terms, and an index.

Whether you are new to CMMI models or are already familiar with one or more of them, this book is an essential resource for service providers interested in learning about or implementing process improvement.

The First Complete Guide to DevOps for Software Architects

DevOps promises to accelerate the release of new software features and improve monitoring of systems in production, but its crucial implications for software architects and architecture are often ignored.

In DevOps: A Software Architect’s Perspective, three leading architects address these issues head-on. The authors review decisions software architects must make in order to achieve DevOps’ goals and clarify how other DevOps participants are likely to impact the architect’s work. They also provide the organizational, technical, and operational context needed to deploy DevOps more efficiently, and review DevOps’ impact on each development phase. The authors address cross-cutting concerns that link multiple functions, offering practical insights into compliance, performance, reliability, repeatability, and security.

This guide demonstrates the authors’ ideas in action with three real-world case studies: datacenter replication for business continuity, management of a continuous deployment pipeline, and migration to a microservice architecture.

Comprehensive coverage includes

• Why DevOps can require major changes in both system architecture and IT roles

• How virtualization and the cloud can enable DevOps practices

• Integrating operations and its service lifecycle into DevOps

• Designing new systems to work well with DevOps practices

• Integrating DevOps with agile methods and TDD

• Handling failure detection, upgrade planning, and other key issues

• Managing consistency issues arising from DevOps’ independent deployment models

• Integrating security controls, roles, and audits into DevOps

• Preparing a business plan for DevOps adoption, rollout, and measurement

Learn how to create successful architectural designs and improve your current design practices!

Designing Software Architectures, 2nd Edition, provides a practical, step-by-step methodology for architecture design that any professional software engineer can use, with structured methods supported by reusable chunks of design knowledge and rich case studies that demonstrate how to use the methods.

The Attribute-Driven Design method may not have changed since this book's first printing, but almost everything else about the industry has. In this newly updated edition, you will find new chapters on supporting business agility through API-centric design, deployability, cloud-based solutions, and technical debt in design.

Humberto Cervantes and Rick Kazman illuminate best practices for how architects should design complex systems so you can make design decisions in systematic, repeatable, and cost-effective ways. This book will help you become a better, more confident designer who can create high-quality architectures with ease.

The new edition includes:

Register your product at informit.com/register for convenient access to downloads, updates, and/or corrections as they become available.

The foundation of any software system is its architecture. Using this book, you can evaluate every aspect of architecture in advance, at remarkably low cost -- identifying improvements that can dramatically improve any system's performance, security, reliability, and maintainability. As the practice of software architecture has matured, it has become possible to identify causal connections between architectural design decisions and the qualities and properties that result downstream in the systems that follow from them. This book shows how, offering step-by-step guidance, as well as detailed practical examples -- complete with sample artifacts reflective of those that evaluators will encounter. The techniques presented here are applicable not only to software architectures, but also to system architectures encompassing computing hardware, networking equipment, and other elements. For all software architects, software engineers, developers, IT managers, and others responsible for creating, evaluating, or implementing software architectures.

Since 2001, the CERT® Insider Threat Center at Carnegie Mellon University’s Software Engineering Institute (SEI) has collected and analyzed information about more than seven hundred insider cyber crimes, ranging from national security espionage to theft of trade secrets. The CERT® Guide to Insider Threats describes CERT’s findings in practical terms, offering specific guidance and countermeasures that can be immediately applied by executives, managers, security officers, and operational staff within any private, government, or military organization.

The authors systematically address attacks by all types of malicious insiders, including current and former employees, contractors, business partners, outsourcers, and even cloud-computing vendors. They cover all major types of insider cyber crime: IT sabotage, intellectual property theft, and fraud. For each, they present a crime profile describing how the crime tends to evolve over time, as well as motivations, attack methods, organizational issues, and precursor warnings that could have helped the organization prevent the incident or detect it earlier. Beyond identifying crucial patterns of suspicious behavior, the authors present concrete defensive measures for protecting both systems and data.

This book also conveys the big picture of the insider threat problem over time: the complex interactions and unintended consequences of existing policies, practices, technology, insider mindsets, and organizational culture. Most important, it offers actionable recommendations for the entire organization, from executive management and board members to IT, data owners, HR, and legal departments.

With this book, you will find out how to

By implementing this book’s security practices, you will be incorporating protection mechanisms designed to resist the vast majority of malicious insider attacks.