organizational/ industrial assignment
Project 3: Software Weaknesses
Start Here
You hear voices coming from the chief technology officer’s office as
you approach to hand in your weekly status report.
As you walk in, he looks up and says, “Perfect timing! I have a new
project for you.”
John introduces Brenda, the director over in Accounting Systems.
“Brenda, please explain why you’re here and what you need from us.”
Brenda smiles. “Sure. As I was just telling John, accounting needs a
more efficient way to handle our month-end closing procedures.
“Currently, this process is cumbersome with many tasks that could be
automated. Also, every month during this procedure, we process a
high volume of sensitive data that could be at risk while we implement
any type of change.
“In a few weeks, John and I must make a recommendation to the CEO
whether to purchase new software or develop an original application to
improve the efficiency of month-end processing. We need to present a
recommendation that will consider the needs of accounting while
keeping the data secure.”
John turns to you. “I would like you to look into solutions and provide
me with a recommendation prior to our meeting with the CEO. There
are several factors that I would like you to think about.
“First, consider the importance of supply chains. I would also like some
slides on supply chain risk management concepts that I can include in
my presentation. Next, conduct your due diligence on software
development. The third factor to consider is software assurance,
whether we develop or procure. And finally, should we be considering
open source options?
Whatever option we choose, we’ll need to support the maintenance of
it, and so you should also develop a maintenance plan that provides all
of the functionality needed by the accounting department, with minimal
disruption in their operations, and of course, maximum security.”
Brenda says, “Automating the month-end process will be a huge
benefit to the accounting department.”
John concludes, “I would like to see your final recommendations in
three weeks in order for us to have time to prepare for our conversation
with the CEO.”
[Music]
Close
There are 12 steps in this project. Begin by reviewing the project
scenario and then proceed to Step 1.
Competencies
Your work will be evaluated using the competencies listed below.
6.1: Analyze secure software development methodologies and
describe the cybersecurity issues that each methodology
addresses.
6.4: Systems Life Cycle: Explain systems life cycle management
concepts used to plan, develop, implement, operate, and
maintain information systems.
9.4: Software Security Assurance: Demonstrate secure principles,
methods, and tools used in the software
development life cycle.
9.5: Software Security Assurance: Describe the cybersecurity
implications related to procurement and supply chain risk
management.
Step 1: Determine Relevant Supply Chain
Risk Management (SCRM) Practices and
Challenges
You will begin your project with an investigation of supply chain risk
management (SCRM). SCRM is the implementation of strategies to
manage risks associated with the selection, installation,
implementation and use of products with the goal of reducing
vulnerabilities and assuring secure operations. It is important to
understand SCRM in order to make informed decisions regarding the
selection of products.
Review supply chain risk management concepts and theories.
As you read about SCRM, document the following:
SCRM best practices—Identify best practices and successful
implementation.
Describe supply chain risk management
practices and the
SCRM threats—List and describe supply-chain cybersecurity
threats and the technologies and policies that can be used to
mitigate the threats.
SCRM challenges—Determine the SCRM challenges in your
organization given its business and culture and the concerns that
John cited during your meeting. Evaluate the various approaches
to developing secure code in a cost-effective manner in light of
your organization's software assurance needs and expectations,
software assurance objectives, and software assurance coding
and development plan. You will want to optimize the
effectiveness of your software procurement by addressing early
your organization's information security requirements and risk
management in the supply chain germane to your workplace.
You will use this information throughout the project and to help you
create the presentation slide deck.
Step 2: Create Presentation Slide Deck
Using the information that you obtained on supply chain risk
management (SCRM), develop a slide deck with a minimum of six
slides. John will include these slides in his final presentation to educate
his audience on SCRM. These slides should identify the key concepts,
considerations, and applicability of SCRM for your organization.
Submission for SCRM Presentation Slide Deck
Previous submissions
0
Drop files here, or click below
.
Step 3: Explore the Software Development
Life Cycle (SDLC)
Now that you understand SCRM, you will complete a software
development life cycle assessment. The software development life
cycle (SDLC) is a process used to develop, maintain, replace, and
change
software.
The overall purpose of SDLC is to improve the
quality of software through the development and implementation
process.
Review topics from previous projects on systems, utilities, and
application software, interaction of software, and creating a program.
As part of your assessment, include the following information:
Note how various entities are currently using SDLC to implement
software.
Identify and take note of successful implementations, describing
the results.
Identify software development methodologies for common
software applications and cybersecurity standards organizations.
You will use the information that you gather during this step to
complete your SDLC assessment.
Step 4: Identify Key Implementation
Attributes
In the previous step, you explored SDLC, the ways other organizations
are implementing it, and best practices. Now, you are ready to guide
your own organization through the process of developing software.
Start by considering the needs of your organization. Currently, the
accounting month-end closing procedures involve extracting data from
the accounting database into spreadsheets, running macros within the
spreadsheets, uploading new data into the accounting database, and
emailing generated spreadsheet reports and word processing memos.
Brenda, the director of Accounting Systems, would like this process
automated without putting financial data at risk during or after the
implementation.
Review topics on databases for operational data, database
management systems, and how a database works.
Based on this needs analysis, you decide to focus on the SDLC
maintenance phase:
Identify the key factors to successful maintenance and the
implementation of this phase.
Identify potential obstacles to success and ways to anticipate and
mitigate them.
You will use the information that you gather during this step to
complete your SDLC assessment.
Step 5: Examine Software Assurance
Businesses depend on the safe operations of systems. The level of
confidence a business or other entity has that its software is free from
vulnerabilities is referred to as software assurance (SwA). As the final
step before your assessment, research SwA and other topics related to
preventing and fixing software vulnerabilities.
In your research, make sure to complete the following:
Evaluate the major steps, underlying theory, and relative
usefulness of software security testing, white box and black box
software security testing, the Common Criteria/Common Criteria
Evaluation and Validation Scheme (CCEVS), and the Common
Criteria (CC) for Information Technology Security Evaluation.
Identify and evaluate state and federal cybersecurity policies
underlying the application, scope, and selection of secure
software development methodologies.
Determine when to perform a risk analysis.
Evaluate security concerns that arise during the acceptance
phase of software development.
Describe the testing and validation process from a cybersecurity
policy standpoint.
Identify the ways in which SwA ensures trustworthiness,
predictable execution, and conformance.
Identify SwA best practices.
Identify innovations in the provision of SwA that you have found
in your research.
You will use the information that you gather during this step to
complete your SDLC assessment.
Step 6: Prepare a Software Development
Life Cycle Assessment
Integrating the information that you have gathered on software
development in the last few steps, develop either a five-page summary
assessment or a 10-minute video explanation of the software
development life cycle, including your view on its importance to
software security. This assessment will provide foundational support
for your final recommendation.
Be sure to do the following:
Describe basic models and methodologies of the software
development life cycle.
Identify a development methodology that fits your organization
and explain why.
Describe the phases of the
software life cycle.
List and discuss the security principles you would need to
consider and explain how you would apply them throughout the
software life cycle.
Describe the elements of a maturity model.
Submit your assessment for feedback.
Submission for SDLC Assessment
Previous submissions
0
Drop files here, or click below.
Step 7: Compare and Contrast Software
Development Methodologies
Now that you have completed your research on the SDLC, you are
going to look into how to develop the software your organization
needs.
You decide to consider various software development methodologies.
Compare and contrast open source, commercial, and internally
developed software methodologies, noting what cybersecurity issues
each addresses.
Open-source software platforms are widely used and supported, and
benefit from communities of creative and innovate thinkers. Learn
about the open source development community (accountability and
self-policing, development criteria, "ownership") and the pros and cons
of adopting open source platforms for corporate use.
You will use this information in the next step to develop a software
development matrix.
Step 8: Submit a Software Development
Matrix
Develop and submit a one-page matrix that compares and contrasts
open source, commercial, and internally developed software
development methodologies. You may want to use a table in Word or
an Excel spreadsheet. Either will help you to succinctly present your
ideas. Discuss the pros and cons of each to help inform your final
recommendation. Include as criteria cost, software assurance needs
and expectations, software assurance objectives, and a software
assurance coding and development plan. You will use information from
this matrix in your Software
Recommendation Memo
.
Submit the matrix for feedback.
Submission for Software Development Matrix
Previous submissions
0
Drop files here, or click below.
Step 9: Evaluate Software Maintenance
Whether you are developing or purchasing software, the key to
successful software installation and use is a maintenance plan that
ensures updates are implemented in a timely manner and that guards
against improper uses that could jeopardize the integrity of the
software. Using key tenets of the maintenance elements of the SLDC,
begin developing a software maintenance plan. In preparation for the
maintenance plan, you will need to do the following:
Describe the software, the features, and the security
improvements.
Develop a schedule to implement the recommended software.
Identify potential impacts to mission, risks, and likelihood of
success.
Step 10: Submit Software Maintenance
Plan
Using your findings from the previous step, develop and submit a two-
page white paper for distribution to the team that will be responsible for
implementing the plan. Since this white paper will help you to prepare
the Software Recommendation Memo, it should do the following:
Describe the software features.
Describe the expected impacts on the mission.
Include the implementation schedule.
Submit the white paper to your instructor for review.
Submission for Software Maintenance Plan
Previous submissions
0
Drop files here, or click below.
tep 11: Weigh Software Options
You are finally ready to write your recommendation memo. Before you
begin, look over your research one more time and evaluate your
findings. Identify the software options to consider along with the
associated costs and risks of those options. Your options should
include procurement, development, and open source.
Step 12: Submit the Software
Recommendation Memo
Now that you have weighed the software options, write a memo
recommending an approach to software acquisition for the organization
Use your ideas from the matrix and white paper. Address it to
procurement, with coordination through the chief information officer.
This memo will educate leadership on the importance of making the
right software decisions for the organization, so the memo will describe
the software development life cycle (SDLC) and its applicability to the
current needs of your organization. The three- to five-page
memorandum should accomplish the following:
Articulate the software needs of the organization.
Identify the software options that best meet the organization’s
needs.
Make a recommendation for your organization supported by a
rationale.
Describe the key attributes of the software development life cycle
(SDLC).
Describe the weaknesses of commonly used software (word
processing, spreadsheets, email platforms).
Identify any known risks of your recommendation and describe
supply chain risk management your organization could
implement.
Detail the costs involved in your recommendation.
Cite contract language that would be used to ensure that supply
chain, system, network, and operational security were met.
Submit the memo to your instructor.
Check Your Evaluation Criteria
Before you submit your assignment, review the competencies below,
which your instructor will use to evaluate your work. A good practice
would be to use each competency as a self-check to confirm you have
incorporated all of them. To view the complete grading rubric, click My
Tools, select Assignments from the drop-down menu, and then click
the project title.
6.1: Analyze secure software development methodologies and
describe the cybersecurity issues that each methodology
addresses.
6.4: Systems Life Cycle: Explain systems life cycle management
concepts used to plan, develop, implement, operate, and
maintain information systems.
9.4: Software Security Assurance: Demonstrate secure principles,
methods, and tools used in the software development life cycle.
9.5: Software Security Assurance: Describe the cybersecurity
implications related to procurement and supply chain risk
management.
Submission for Software Recommendation Memo
Previous submissions
0
Drop files here, or click below
Project 3: Software Weaknesses
Start Here
You hear voices coming from the chief technology officer’s office as you approach to hand in your weekly status report.
As you walk in, he looks up and says, “Perfect timing! I have a new project for you.”
John introduces Brenda, the director over in Accounting Systems. “Brenda, please explain why you’re here and what you need from us.”
Brenda smiles. “Sure. As I was just telling John, accounting needs a more efficient way to handle our month-end closing procedures.
“Currently, this process is cumbersome with many tasks that could be automated. Also, every month during this procedure, we process a high volume of sensitive data that could be at risk while we implement any type of change.
“In a few weeks, John and I must make a recommendation to the CEO whether to purchase new software or develop an original application to improve the efficiency of month-end processing. We need to present a recommendation that will consider the needs of accounting while keeping the data secure.”
John turns to you. “I would like you to look into solutions and provide me with a recommendation prior to our meeting with the CEO. There are several factors that I would like you to think about.
“First, consider the importance of supply chains. I would also like some slides on
supply chain risk management
concepts that I can include in my presentation. Next, conduct your due diligence on software development. The third factor to consider is
software assurance
, whether we develop or procure. And finally, should we be considering open source options?
Whatever option we choose, we’ll need to support the maintenance of it, and so you should also develop a maintenance plan that provides all of the functionality needed by the accounting department, with minimal disruption in their operations, and of course, maximum security.”
Brenda says, “Automating the month-end process will be a huge benefit to the accounting department.”
John concludes, “I would like to see your final recommendations in three weeks in order for us to have time to prepare for our conversation with the CEO.”
[Music]
Close
There are 12 steps in this project. Begin by reviewing the project scenario and then proceed to Step 1.
Competencies
Your work will be evaluated using the competencies listed below.
· 6.1: Analyze secure
software development methodologies
and describe the cybersecurity issues that each methodology addresses.
· 6.4: Systems Life Cycle: Explain systems life cycle management concepts used to plan, develop, implement, operate, and maintain information systems.
· 9.4: Software Security Assurance: Demonstrate secure principles, methods, and tools used in the
software development life cycle
.
· 9.5: Software Security Assurance: Describe the cybersecurity implications related to procurement and supply chain risk management.
Step 1: Determine Relevant Supply Chain Risk Management (SCRM) Practices and Challenges
You will begin your project with an investigation of supply chain risk management (SCRM). SCRM is the implementation of strategies to manage risks associated with the selection, installation, implementation and use of products with the goal of reducing vulnerabilities and assuring secure operations. It is important to understand SCRM in order to make informed decisions regarding the selection of products.
Review
supply chain risk management concepts and theories.
As you read about SCRM, document the following:
· SCRM best practices—Identify best practices and successful implementation. Describe supply chain risk management practices and the
· SCRM threats—List and describe supply-chain cybersecurity threats and the technologies and policies that can be used to mitigate the threats.
· SCRM challenges—Determine the SCRM challenges in your organization given its business and culture and the concerns that John cited during your meeting. Evaluate the various approaches to developing secure code in a cost-effective manner in light of your organization’s software assurance needs and expectations, software assurance objectives, and software assurance coding and development plan. You will want to optimize the effectiveness of your software procurement by addressing early your organization’s information security requirements and risk management in the supply chain germane to your workplace.
You will use this information throughout the project and to help you create the presentation slide deck.
Step 2: Create Presentation Slide Deck
Using the information that you obtained on supply chain risk management (SCRM), develop a slide deck with a minimum of six slides. John will include these slides in his final presentation to educate his audience on SCRM. These slides should identify the key concepts, considerations, and applicability of SCRM for your organization.
Submission for SCRM Presentation Slide Deck
Previous submissions
Previous submissions
Previous submissions
0
Top of Form
Drop files here, or click below
.
Bottom of Form
Step 3: Explore the Software Development Life Cycle (SDLC)
Now that you understand SCRM, you will complete a software development life cycle assessment. The software development life cycle (SDLC) is a process used to develop, maintain, replace, and change software. The overall purpose of SDLC is to improve the quality of software through the development and implementation process.
Review topics from previous projects on
systems, utilities, and application software
,
interaction of software
, and
creating a program
.
As part of your assessment, include the following information:
· Note how various entities are currently using SDLC to implement software.
· Identify and take note of successful implementations, describing the results.
· Identify software development methodologies for common software applications and
cybersecurity standards organizations
.
You will use the information that you gather during this step to complete your SDLC assessment.
Step 4: Identify Key Implementation Attributes
In the previous step, you explored SDLC, the ways other organizations are implementing it, and best practices. Now, you are ready to guide your own organization through the process of developing software.
Start by considering the needs of your organization. Currently, the accounting month-end closing procedures involve extracting data from the accounting database into spreadsheets, running macros within the spreadsheets, uploading new data into the accounting database, and emailing generated spreadsheet reports and word processing memos. Brenda, the director of Accounting Systems, would like this process automated without putting financial data at risk during or after the implementation.
Review topics on
databases for operational data
,
database management systems
, and
how a database works
.
Based on this needs analysis, you decide to focus on the SDLC maintenance phase:
· Identify the key factors to successful maintenance and the implementation of this phase.
· Identify potential obstacles to success and ways to anticipate and mitigate them.
You will use the information that you gather during this step to complete your SDLC assessment.
Step 5: Examine Software Assurance
Businesses depend on the safe operations of systems. The level of confidence a business or other entity has that its software is free from vulnerabilities is referred to as software assurance (SwA). As the final step before your assessment, research SwA and other topics related to preventing and fixing software vulnerabilities.
In your research, make sure to complete the following:
· Evaluate the major steps, underlying theory, and relative usefulness of
software security testing
, white box and black box software security testing, the
Common Criteria/Common Criteria Evaluation and Validation Scheme (CCEVS)
, and the Common Criteria (CC) for Information Technology Security Evaluation.
· Identify and evaluate state and federal cybersecurity policies underlying the application, scope, and selection of secure software development methodologies.
· Determine when to perform a risk analysis.
· Evaluate security concerns that arise during the acceptance phase of software development.
· Describe the testing and validation process from a cybersecurity policy standpoint.
· Identify the ways in which SwA ensures trustworthiness, predictable execution, and conformance.
· Identify SwA best practices.
· Identify innovations in the provision of SwA that you have found in your research.
You will use the information that you gather during this step to complete your SDLC assessment.
Step 6: Prepare a Software Development Life Cycle Assessment
Integrating the information that you have gathered on software development in the last few steps, develop either a five-page summary assessment or a 10-minute video explanation of the software development life cycle, including your view on its importance to software security. This assessment will provide foundational support for your final recommendation.
Be sure to do the following:
· Describe basic models and methodologies of the software development life cycle.
· Identify a development methodology that fits your organization and explain why.
· Describe the phases of the software life cycle.
· List and discuss the security principles you would need to consider and explain how you would apply them throughout the software life cycle.
· Describe the elements of a
maturity model
.
Submit your assessment for feedback.
Submission for SDLC Assessment
Previous submissions
0
Top of Form
Drop files here, or click below.
Bottom of Form
Step 7: Compare and Contrast Software Development Methodologies
Now that you have completed your research on the SDLC, you are going to look into how to develop the software your organization needs.
You decide to consider various software development methodologies. Compare and contrast open source, commercial, and internally developed software methodologies, noting what cybersecurity issues each addresses.
Open-source
software platforms are widely used and supported, and benefit from communities of creative and innovate thinkers. Learn about the open source development community (accountability and self-policing, development criteria, “ownership”) and the pros and cons of adopting open source platforms for corporate use.
You will use this information in the next step to develop a software development matrix.
Step 8: Submit a Software Development Matrix
Develop and submit a one-page matrix that compares and contrasts open source, commercial, and internally developed software development methodologies. You may want to use a table in Word or an Excel spreadsheet. Either will help you to succinctly present your ideas. Discuss the pros and cons of each to help inform your final recommendation. Include as criteria cost, software assurance needs and expectations, software assurance objectives, and a software assurance coding and development plan. You will use information from this matrix in your Software Recommendation Memo.
Submit the matrix for feedback.
Submission for Software Development Matrix
Previous submissions
0
Top of Form
Drop files here, or click below.
Bottom of Form
Step 9: Evaluate Software Maintenance
Whether you are developing or purchasing software, the key to successful software installation and use is a maintenance plan that ensures updates are implemented in a timely manner and that guards against improper uses that could jeopardize the integrity of the software. Using key tenets of the maintenance elements of the SLDC, begin developing a
software maintenance
plan. In preparation for the maintenance plan, you will need to do the following:
· Describe the software, the features, and the security improvements.
· Develop a schedule to implement the recommended software.
· Identify potential impacts to mission, risks, and likelihood of success.
Step 10: Submit Software Maintenance Plan
Using your findings from the previous step, develop and submit a two-page white paper for distribution to the team that will be responsible for implementing the plan. Since this white paper will help you to prepare the Software Recommendation Memo, it should do the following:
· Describe the software features.
· Describe the expected impacts on the mission.
· Include the implementation schedule.
Submit the white paper to your instructor for review.
Submission for Software Maintenance Plan
Previous submissions
0
Top of Form
Drop files here, or click below.
Bottom of Form
tep 11: Weigh Software Options
You are finally ready to write your recommendation memo. Before you begin, look over your research one more time and evaluate your findings. Identify the software options to consider along with the associated costs and risks of those options. Your options should include procurement, development, and open source.
Step 12: Submit the Software Recommendation Memo
Now that you have weighed the software options, write a memo recommending an approach to software acquisition for the organization Use your ideas from the matrix and white paper. Address it to procurement, with coordination through the chief information officer. This memo will educate leadership on the importance of making the right software decisions for the organization, so the memo will describe the software development life cycle (SDLC) and its applicability to the current needs of your organization. The three- to five-page memorandum should accomplish the following:
· Articulate the software needs of the organization.
· Identify the software options that best meet the organization’s needs.
· Make a recommendation for your organization supported by a rationale.
· Describe the key attributes of the software development life cycle (SDLC).
· Describe the weaknesses of commonly used software (word processing, spreadsheets, email platforms).
· Identify any known risks of your recommendation and describe supply chain risk management your organization could implement.
· Detail the costs involved in your recommendation.
· Cite contract language that would be used to ensure that supply chain, system, network, and operational security were met.
Submit the memo to your instructor.
Check Your Evaluation Criteria
Before you submit your assignment, review the competencies below, which your instructor will use to evaluate your work. A good practice would be to use each competency as a self-check to confirm you have incorporated all of them. To view the complete grading rubric, click My Tools, select Assignments from the drop-down menu, and then click the project title.
· 6.1: Analyze secure software development methodologies and describe the cybersecurity issues that each methodology addresses.
· 6.4: Systems Life Cycle: Explain systems life cycle management concepts used to plan, develop, implement, operate, and maintain information systems.
· 9.4: Software Security Assurance: Demonstrate secure principles, methods, and tools used in the software development life cycle.
· 9.5: Software Security Assurance: Describe the cybersecurity implications related to procurement and supply chain risk management.
Submission for Software Recommendation Memo
Previous submissions
0
Top of Form
Drop files here, or click below
NB I have to submit the followings documents
SCRM Presentation Slide Deck |
Not Submitted |
||||||||||||||||||||
SDLC Assessment |
|||||||||||||||||||||
Software Development Matrix |
|||||||||||||||||||||
Software Maintenance Plan |
|||||||||||||||||||||
Software Recommendation Memo |
Bottom of Form