
Note: This page is part of the us-cert.gov archive. This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact info@us-cert.gov if you have any questions about the US-CERT website archive.

TLP:WHITE

Nancy Mead

Nancy R. Mead is a senior member of the technical staff in the NSS Program at the SEI. Mead is also a faculty member in the Master of Software Engineering and Master of Information Systems Management programs at Carnegie Mellon University. She is currently involved in the study of security and privacy requirements engineering and software education. During fiscal year 2005 she served as team lead for the initial BSI website development and launch. She has since continued on the BSI project as technical lead. She also served as director of education for the SEI from 1991 to 1994.

Nancy R. Mead is a senior member of the technical staff in the CERT Secure Software and Systems team at the Software Engineering Institute (SEI). Mead is also a faculty member in the Master of Software Engineering (MSE) and Master of Information Systems Management (MSIM) programs at Carnegie Mellon University. She is currently involved in the study of security requirements engineering and the development of software assurance curricula. Mead also served as director of education for the SEI from 1991 to 1994. Her research interests are in the areas of information security, software requirements engineering, and software architectures.

Prior to joining the SEI, Mead was a senior technical staff member at IBM Federal Systems, where she spent most of her career in the development and management of large real-time systems. She also worked in IBM's software engineering technology area and managed IBM Federal Systems' software engineering education department. She has developed and taught numerous courses on software engineering topics, both at universities and in professional education courses.

Mead has more than 150 publications and presentations, and is cited in Who’s Who in America. She is a Fellow of the Institute of Electrical and Electronics Engineers, Inc. (IEEE) and the IEEE Computer Society, and a Distinguished Member of the Association for Computing Machinery (ACM). Mead serves on the editorial boards for the International Journal on Secure Software Engineering and the Requirements Engineering Journal, and is a member of numerous advisory boards and committees.

Mead received her PhD in mathematics from the Polytechnic Institute of New York and received a BA and an MS in mathematics from New York University.

Recent Publications

Allen, J., Barnum, S., Ellison, R., McGraw, G., & Mead, N. R. Software Security Engineering: A Guide for Project Managers, Addison-Wesley, 2008 (ISBN 978-0-321-50917-8).

Caulkins, J., Hough, E. D., Mead, N. R., & Osman, H. "Optimizing Investments in Security Countermeasures: A Practical Tool for Fixed Budgets." IEEE Security & Privacy 5, 5 (Sept./Oct. 2007): 24-27.

Ingalsbe, J. A., Kunimatsu, L., Baeten, T., & Mead, N. R. "Threat Modeling: Diving into the Deep End." IEEE Software 5, 1 (Jan./Feb. 2008): 28-34.

Mead, N. R., Hough, E., & Stehney, T. Security Quality Requirements Engineering (SQUARE) Methodology (CMU/SEI-2005-TR-009). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2005.

Mead, N. R., Allen, J., Conklin, W. A., Drommi, A., Harrison, J., Ingalsbe, J., Rainey, J., & Shoemaker, D. Making the Business Case for Software Assurance (CMU/SEI-2009-SR-001). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2009.

Mead, N. R. & Shoemaker, D. Ch. VI, "Novel Methods of Incorporating Security Requirements Engineering into Software Engineering Courses and Curricula," 98-113. Software Engineering: Effective Teaching and Learning Approaches and Practices. Edited by Ellis, Demurjian, and Naveda. IGI Global, 2008.

Mead, N. R. "Identifying Security Requirements Using the Security Quality Requirements Engineering (SQUARE) Method," 44-69. Integrating Security and Software Engineering: Advances and Future Visions. Edited by H. Mouratidis and P. Giorgini. Idea Group, 2006 (ISBN 1-59904-147-2).

Articles

| Name | Content Areas |
| --- | --- |
| "Requirements Elicitation Case Studies Using IBIS, JAD, and ARM" | Best Practices/Requirements Engineering |
| A Common Sense Way to Make the Business Case for Software Assurance | Knowledge/Business Case Models |
| An Evaluation of Cost-Benefit Using Security Requirements Prioritization Methods | Best Practices/Requirements Engineering |
| Building a Body of Knowledge for ICT Supply Chain Risk Management | Software Assurance Education |
| Defining the Discipline of Secure Software Assurance: Initial Findings from the National Software Assurance Repository | Knowledge/Software Assurance Education |
| Development of a Master of Software Assurance Reference Curriculum | Knowledge/Software Assurance Education |
| Foundations for Software Assurance | Knowledge/Software Assurance Education |
| Getting Secure Software Assurance Knowledge into Conventional Practice | Knowledge/Software Assurance Education |
| Integrating Software Assurance Knowledge into Conventional Curricula | Knowledge/Software Assurance Education |
| Making the Business Case for Software Assurance | Knowledge/Business Case Models |
| Measuring The Software Security Requirements Engineering Process | Best Practices/Measurement |
| Models for Assessing the Cost and Value of Software Assurance | Knowledge/Business Case Models |
| Optimizing Investments in Security Countermeasures: A Practical Tool for Fixed Budgets | Best Practices/Requirements Engineering |
| Requirements Elicitation Introduction | Best Practices/Requirements Engineering |
| Requirements Engineering Annotated Bibliography | Best Practices/Requirements Engineering |
| Requirements Prioritization Case Study Using AHP | Best Practices/Requirements Engineering |
| Requirements Prioritization Introduction | Best Practices/Requirements Engineering |
| Security Requirements Engineering | Best Practices/Requirements Engineering |
| Software Assurance Education Overview | Knowledge/Software Assurance Education |
| Software Security Engineering: A Guide for Project Managers | Best Practices/Project Management |
| SQUARE Process | Best Practices/Requirements Engineering |
| Teaching Security Requirements Engineering Using SQUARE | Knowledge/Software Assurance Education |
| The Common Criteria | Best Practices/Requirements Engineering |
| The Development of a Graduate Curriculum for Software Assurance | Knowledge/Software Assurance Education |
| The Software Assurance Competency Model: A Roadmap to Enhance Individual Professional Capability | Software Assurance Education |
| Two Nationally Sponsored Initiatives for Disseminating Assurance Knowledge | Knowledge/Software Assurance Education |