Jeffrey A. Ingalsbe

A megatrend triad comprised of cloud computing, converged mobile devices, and consumerization presents complex challenges to organizations trying to identify, assess, and mitigate risk. Cloud computing offers elastic just-in-time services without infrastructure overhead. However, visibility and control are compromised. Converged mobile devices offer ...
Optimizing the working relationship between a company's IT security (ITS) group and its internal business customers is difficult at best. Who is responsible for security? What does "responsible" mean? For that matter, what does "security" mean? If ITS is solely responsible for security, as is often the case, then everything across the board will likely ...
This paper summarizes the relationship between the specifications of the software assurance common body of knowledge (CBK) and the curricula of software engineering, computer science, and information systems. It identifies where various CBK elements fit within each curriculum and it provides recommendations for additional study based on those findings.
Globalization and the attendant demands on multicultural teams have placed new emphasis on ensuring that software engineering students understand the real impacts of social and cultural differences on software engineering work. Cultural differences have specific impacts because our own values are innate. This blind spot can be an extreme hazard when it ...
This paper presents a discussion of educational case studies used in security requirements assessment and requirements prioritization. Related to this, it introduces risk understanding as an added dimension to the requirements prioritization process. It should be self-evident that the final product should incorporate the requirements with the greatest ...
This study identifies the places where software assurance knowledge best fits with the elements of a standard software engineering curriculum. This is useful because there is currently no common understanding of the places in a traditional software engineering curriculum where software assurance should be taught. It would appear that the recommendations of ...
This is a follow-up to our previous study that presented the details of a program to sensitize students to cultural differences by cultural immersion. In this paper, we studied the impact on the student’s participation in the program with respect to culture and their perspectives on diversity and global business practices in the cross-cultural world ...
This paper details the validation of a comprehensive teaching model for security requirements engineering which ensures that security is built into the software from its inception. It centers on the employment of the SQUARE method for secure software requirements engineering, which was developed at Carnegie Mellon University. The effectiveness of the SQUARE ...
Defect free software is a critical national priority. Yet, we still do not fully understand the shape of the field that underlies the process of producing, sustaining and acquiring secure software. Specifically, there is no common agreement on the knowledge requirements for the field, nor is there even full agreement about the activities that legitimately ...