Software Life Cycle Management Standards

Jared Carstensen is an internationally recognised and renowned information security specialist working for Deloitte & Touche. He is a certified industry professional by the International Information Systems Security Consortium (ISC)2, Information Systems Audit and Control Association (ISACA), British Standards Institute (BSI), Cloud Security Alliance (CSA), City & Guilds, and the NCC (UK). Jared has contributed and led projects for numerous Fortune 500 companies, government and state bodies, financial institutions, large multinationals, intelligence and law enforcements bodies, and blue-chip firms around the world. These include projects in Ireland, the United Kingdom, the United Arab Emirates, Nigeria, South Africa and the United States. Jared has also led a number of highly complex flagship projects in West Africa, South Africa and the United States. He regularly contributes as a member of the following organisations - International Information Systems Security Consortium (ISC)2, Information Systems Audit and Control Association (ISACA), the British Standards Institute (BSI), and Standards.org. Jared has been a featured speaker at numerous international events on security and best-practice related topics, and was selected as a member of the IT Governance Expert Panel (10+ Domains) and an advisory panel member for Standards.org. || JP Morgenthal is one of the world's foremost experts in IT strategy and Cloud Computing. He has been applying technology solutions to complex business problems for more than 25 years. He is a respected author and is the Lead Cloud Computing Editor for InfoQ. JP is also President of the Cloud Security Alliance Washington DC, USA Chapter. || Bernard Golden is the CEO of HyperStratus, a Silicon Valley Cloud Computing consultancy which works with clients throughout the world. Bernard is the Cloud Computing Advisor for CIO Magazine and an award-winning blogger. He has been described as a Top 100 'Most Powerful Voice' in security. He is a well-known writer and speaker on Cloud Computing.

Those involved in software management, from the publisher/OEM and third-party reseller through to the enterprise software consumer, will benefit from the insights presented here. Software developers and publishers can improve their processes, leading to financial savings and far greater customer satisfaction. Enterprise software consumers are able to manage software deployments, versions, patches and usage, and measure these against entitlements. The pain of the periodic 'true-up' event is gradually removed, enabling continuous management of the 'true value' of your software investment.The advent of ISO/IEC 19770 is a leap forward for all who have an interest in the software life cycle, from designer to consumer. In five parts, three of which are still under development, the Standard defines best practice for all aspects of software asset management and introduces SWID (software identification) tags and SWEID (software licensing entitlement) tags.Software Life Cycle Management Standards details each part of ISO/IEC 19770 and shows you how to apply it to your business. David Wright calls on his vast experience to explain how the Standard applies to the entire software life cycle, not just the software asset management aspects. His informative guide gives up-to-date information using practical examples, clear diagrams and entertaining anecdotes.

Introduction The goal of this book Chapter 1: Software Asset Management: Both Sides of the Equation Overview Compliance: the delicate balance that rules software commerce True value: the software consumer's continual quest Software as a service The software product life cycle Associated life cycles Critical measurements required for software asset management Chapter 2: Current Approaches in both Process and Technology The people The process Chapter 3: What is ISO/IEC 19770? Oh no! Not another standard! A quick view of the ISO/IEC 19770 standard Chapter 4: Introduction to the SWID Tag ISO/IEC 19770-2 software ID tag functionality Operational breakdown Chapter 5: Implementation of the ISO/IEC 19770-2 Process ISO/IEC 19770 general guidelines Basic process Understanding the deployment/functional model Designing the tags to match the functional deployment model Indicating the presence of an application deployment Create the tagging directories Chapter 6: The ISO/IEC 19770-2 SWID Tag Data Fundamentals ISO/IEC 19770-2 mandatory tag elements ISO/IEC 19770-2 optional tag elements ISO/IEC 19770-2 extended identity elements Chapter 7: SWID Tag Certification Requirements TagVault.org Overview of certification US Federal Government draft GSA/DoD requirement Certification levels Base certification requirements Asset management certification Additional validation by Symantec Corporation Chapter 8: ISO/IEC 19770-3 Considerations Proposed ISO/IEC 19770-3 software entitlement ID tag functionality Inside the SWEID tag Chapter 9: Software Feature Design Related to SWID/SWEID Tag Management for Tag Creators and Modifiers The software life cycle Product tagging and integration life cycle How to analyse your product then design SWEID and SWID tags How to use the tags Chapter 10: SWID and SWEID Tag Management for Consumers The software life cycle Usage, upgrades and renewals The reconciliation point Overcoming the inertia of ISO/IEC 19770 adoption by software publishers SWID tag retrofitting, saving on reconciliation expense Conclusion Appendix: ISO/IEC 19770-2:2009 XML Schema Definition (XSD) Glossary ITG Resources