Software Quality Assurance: Integrating Testing, Security, and Audit focuses on the importance of software quality and security. It defines the various types of testing, identifies the factors that contribute to software quality, and presents theoretical and real-world scenarios that add value and quality to projects and applications. The practical synopsis of common testing tools helps readers who work in testing or who are interested in pursuing careers as testers. It also helps test leads, test managers, and others involved in planning, estimating, executing, and maintaining software.
The book is divided into four sections: The first section addresses the basic concepts of software quality, validation and verification, and audits. It covers the major areas of software management, software life cycle, and life cycle processes. The second section is about testing. It discusses test plans and strategy and introduces a step-by-step test design process along with a sample test case. It also examines what a tester or test lead needs to do before and during test execution and how to report after completing the test execution.
The third section deals with the security breaches and defects that may occur. It discusses the documentation and classification of incidents as well as how to handle an occurrence. The fourth and final section provides examples of security issues along with a security policy document, and addresses the planning aspects of an information audit. It also discusses the definition, measurement, and metrics of reliability, based on standards, the quality metrics methodology, and CMM models. It discusses the ISO 15504 standard, CMMs, PSP, and TSP, and includes an appendix containing a sample software process improvement document.
Author: Abu Sayed Mahfuz
Series: Internal Audit and IT Audit
Publication date: 15 April 2016
Audience: Professional and scholarly
Table of Contents

Section I: CONCEPT
  Quality Concept and Perspectives: Introduction; Software Quality Concept; Software Quality Characteristics; ISO/IEC 9126; Control Objectives for Information and Related Technology (COBIT); Validation and Verification; Reviews and Audit
  Management and Process: Introduction; Software Management; Software Life Cycle Models; Life Cycle Processes

Section II: TESTING
  Testing: Concept and Definition: Introduction; Testing in the Software Life Cycle; Requirements; Software Testing Life Cycle; Kinds/Types of Testing; Suggested Readings
  Testing: Plan and Design: Introduction; Plan and Strategy; Test Plan; Test Tools; Test Scope; Test Approach and Stages; Test Schedule; Defect Reporting and Tracking; Roles and Responsibilities; Reference Documents; Testing Estimation; Lessons Learned; Test Design Factors; Test Case Specification and Design
  Test: Execution and Reporting: Introduction; Starting Test Execution; Test Result Reporting; View and Analyze Test Results

Section III: CHALLENGES
  Incident Management: Introduction; Overview on Incident Management; Why Incident Management Is Important; Identification; Investigation and Analysis; Response and Recovery; Issues; Security Incidents
  Defect Management: Introduction; Definition and Analysis; Process and Methodology; Root Cause Analysis; Defect Prevention
  Risk, Vulnerability and Threat Management: Introduction; Risk Management; Vulnerability, Risk, and Threat Analysis; Risk Management Life Cycle; Effective Methods to Identify Risks; Risk Assessment Matrix; Risk Response Strategy; Risk Assessment & Contingency Plan; Vulnerability, Risk and Threat Analysis; OCTAVE and Risk Management; Appendix A: Sample; Appendix B: Risk Factors

Section IV: SOFTWARE QUALITY EXPECTATION
  Information Security: Introduction; Definition and Importance; Methodology; Security Policy Document
  Information Audit: Introduction; Definition and Planning; Audit Process and Procedure; Auditing and Information Security
  Software Reliability and Process Improvement: Introduction; Definition and Measurement; Measurement-Based Assurance; Quality Metrics Methodology; Software Reliability Measurement & Estimation; CMMs; The Capability Maturity Model; SEI/CMM; Software Process Improvement and Capability Determination (SPICE); Appendix: Software Process Improvement
Abu Sayed Mahfuz, ITIL, MIS, MA, has over 15 years of experience in the business and information technology profession, including roles as database manager, technology manager, software quality lead, and technology instructor at several prestigious multinational companies. He is a distinguished trainer, speaker, and book author. Mr. Mahfuz earned his master's degree in computer and information systems from the University of Detroit Mercy and two other master's degrees from Malaysia and Bangladesh. He also holds the ITIL Foundation certification and several software quality, cyber security, and phishing-related internal certifications from Hewlett Packard.