organizational/ industrial assignment

Project 3: Software Weaknesses

Start Here

You hear voices coming from the chief technology officers office as

you approach to hand in your weekly status report.

As you walk in, he looks up and says, Perfect timing! I have a new

project for you.

John introduces Brenda, the director over in Accounting Systems.

Brenda, please explain why youre here and what you need from us.

Brenda smiles. Sure. As I was just telling John, accounting needs a

more efficient way to handle our month-end closing procedures.

Currently, this process is cumbersome with many tasks that could be

automated. Also, every month during this procedure, we process a

high volume of sensitive data that could be at risk while we implement

any type of change.

In a few weeks, John and I must make a recommendation to the CEO

whether to purchase new software or develop an original application to

improve the efficiency of month-end processing. We need to present a

recommendation that will consider the needs of accounting while

keeping the data secure.

John turns to you. I would like you to look into solutions and provide

me with a recommendation prior to our meeting with the CEO. There

are several factors that I would like you to think about.

First, consider the importance of supply chains. I would also like some

slides on supply chain risk management concepts that I can include in

my presentation. Next, conduct your due diligence on software

development. The third factor to consider is software assurance,

whether we develop or procure. And finally, should we be considering

open source options?

Whatever option we choose, well need to support the maintenance of

it, and so you should also develop a maintenance plan that provides all

of the functionality needed by the accounting department, with minimal

disruption in their operations, and of course, maximum security.

Brenda says, Automating the month-end process will be a huge

benefit to the accounting department.

John concludes, I would like to see your final recommendations in

three weeks in order for us to have time to prepare for our conversation

with the CEO.

[Music]

Close

There are 12 steps in this project. Begin by reviewing the project

scenario and then proceed to Step 1.

Competencies

Your work will be evaluated using the competencies listed below.

6.1: Analyze secure software development methodologies and

describe the cybersecurity issues that each methodology

addresses.

6.4: Systems Life Cycle: Explain systems life cycle management

concepts used to plan, develop, implement, operate, and

maintain information systems.

9.4: Software Security Assurance: Demonstrate secure principles,

methods, and tools used in the software development life cycle.

9.5: Software Security Assurance: Describe the cybersecurity

implications related to procurement and supply chain risk

management.

Step 1: Determine Relevant Supply Chain

Risk Management (SCRM) Practices and

Challenges

You will begin your project with an investigation of supply chain risk

management (SCRM). SCRM is the implementation of strategies to

manage risks associated with the selection, installation,

implementation and use of products with the goal of reducing

vulnerabilities and assuring secure operations. It is important to

understand SCRM in order to make informed decisions regarding the

selection of products.

Review supply chain risk management concepts and theories.

As you read about SCRM, document the following:

SCRM best practicesIdentify best practices and successful

implementation. Describe supply chain risk management

practices and the 

SCRM threatsList and describe supply-chain cybersecurity

threats and the technologies and policies that can be used to

mitigate the threats.

SCRM challengesDetermine the SCRM challenges in your

organization given its business and culture and the concerns that

John cited during your meeting. Evaluate the various approaches

to developing secure code in a cost-effective manner in light of

your organization's software assurance needs and expectations,

software assurance objectives, and software assurance coding

and development plan. You will want to optimize the

effectiveness of your software procurement by addressing early

your organization's information security requirements and risk

management in the supply chain germane to your workplace.

You will use this information throughout the project and to help you

create the presentation slide deck.

Step 2: Create Presentation Slide Deck

Using the information that you obtained on supply chain risk

management (SCRM), develop a slide deck with a minimum of six

slides. John will include these slides in his final presentation to educate

his audience on SCRM. These slides should identify the key concepts,

considerations, and applicability of SCRM for your organization.

Submission for SCRM Presentation Slide Deck

Previous submissions

0

Drop files here, or click below.

Step 3: Explore the Software Development

Life Cycle (SDLC)

Now that you understand SCRM, you will complete a software

development life cycle assessment. The software development life

cycle (SDLC) is a process used to develop, maintain, replace, and

change software. The overall purpose of SDLC is to improve the

quality of software through the development and implementation

process.

Review topics from previous projects on systems, utilities, and

application software, interaction of software, and creating a program.

As part of your assessment, include the following information:

Note how various entities are currently using SDLC to implement

software.

Identify and take note of successful implementations, describing

the results.

Identify software development methodologies for common

software applications and cybersecurity standards organizations.

You will use the information that you gather during this step to

complete your SDLC assessment.

Step 4: Identify Key Implementation

Attributes

In the previous step, you explored SDLC, the ways other organizations

are implementing it, and best practices. Now, you are ready to guide

your own organization through the process of developing software.

Start by considering the needs of your organization. Currently, the

accounting month-end closing procedures involve extracting data from

the accounting database into spreadsheets, running macros within the

spreadsheets, uploading new data into the accounting database, and

emailing generated spreadsheet reports and word processing memos.

Brenda, the director of Accounting Systems, would like this process

automated without putting financial data at risk during or after the

implementation.

Review topics on databases for operational data, database

management systems, and how a database works.

Based on this needs analysis, you decide to focus on the SDLC

maintenance phase:

Identify the key factors to successful maintenance and the

implementation of this phase.

Identify potential obstacles to success and ways to anticipate and

mitigate them.

You will use the information that you gather during this step to

complete your SDLC assessment.

Step 5: Examine Software Assurance

Businesses depend on the safe operations of systems. The level of

confidence a business or other entity has that its software is free from

vulnerabilities is referred to as software assurance (SwA). As the final

step before your assessment, research SwA and other topics related to

preventing and fixing software vulnerabilities.

In your research, make sure to complete the following:

Evaluate the major steps, underlying theory, and relative

usefulness of software security testing, white box and black box

software security testing, the Common Criteria/Common Criteria

Evaluation and Validation Scheme (CCEVS), and the Common

Criteria (CC) for Information Technology Security Evaluation.

Identify and evaluate state and federal cybersecurity policies

underlying the application, scope, and selection of secure

software development methodologies.

Determine when to perform a risk analysis.

Evaluate security concerns that arise during the acceptance

phase of software development.

Describe the testing and validation process from a cybersecurity

policy standpoint.

Identify the ways in which SwA ensures trustworthiness,

predictable execution, and conformance.

Identify SwA best practices.

Identify innovations in the provision of SwA that you have found

in your research.

You will use the information that you gather during this step to

complete your SDLC assessment.

Step 6: Prepare a Software Development

Life Cycle Assessment

Integrating the information that you have gathered on software

development in the last few steps, develop either a five-page summary

assessment or a 10-minute video explanation of the software

development life cycle, including your view on its importance to

software security. This assessment will provide foundational support

for your final recommendation.

Be sure to do the following:

Describe basic models and methodologies of the software

development life cycle.

Identify a development methodology that fits your organization

and explain why.

Describe the phases of the software life cycle.

List and discuss the security principles you would need to

consider and explain how you would apply them throughout the

software life cycle.

Describe the elements of a maturity model.

Submit your assessment for feedback.

Submission for SDLC Assessment

Previous submissions

0

Drop files here, or click below.

Step 7: Compare and Contrast Software

Development Methodologies

Now that you have completed your research on the SDLC, you are

going to look into how to develop the software your organization needs.

You decide to consider various software development methodologies.

Compare and contrast open source, commercial, and internally

developed software methodologies, noting what cybersecurity issues

each addresses.

Open-source software platforms are widely used and supported, and

benefit from communities of creative and innovate thinkers. Learn

about the open source development community (accountability and

self-policing, development criteria, "ownership") and the pros and cons

of adopting open source platforms for corporate use.

You will use this information in the next step to develop a software

development matrix.

Step 8: Submit a Software Development

Matrix

Develop and submit a one-page matrix that compares and contrasts

open source, commercial, and internally developed software

development methodologies. You may want to use a table in Word or

an Excel spreadsheet. Either will help you to succinctly present your

ideas. Discuss the pros and cons of each to help inform your final

recommendation. Include as criteria cost, software assurance needs

and expectations, software assurance objectives, and a software

assurance coding and development plan. You will use information from

this matrix in your Software Recommendation Memo.

Submit the matrix for feedback.

Submission for Software Development Matrix

Previous submissions

0

Drop files here, or click below.

Step 9: Evaluate Software Maintenance

Whether you are developing or purchasing software, the key to

successful software installation and use is a maintenance plan that

ensures updates are implemented in a timely manner and that guards

against improper uses that could jeopardize the integrity of the

software. Using key tenets of the maintenance elements of the SLDC,

begin developing a software maintenance plan. In preparation for the

maintenance plan, you will need to do the following:

Describe the software, the features, and the security

improvements.

Develop a schedule to implement the recommended software.

Identify potential impacts to mission, risks, and likelihood of

success.

Step 10: Submit Software Maintenance

Plan

Using your findings from the previous step, develop and submit a two-

page white paper for distribution to the team that will be responsible for

implementing the plan. Since this white paper will help you to prepare

the Software Recommendation Memo, it should do the following:

Describe the software features.

Describe the expected impacts on the mission.

Include the implementation schedule.

Submit the white paper to your instructor for review.

Submission for Software Maintenance Plan

Previous submissions

0

Drop files here, or click below.

tep 11: Weigh Software Options

You are finally ready to write your recommendation memo. Before you

begin, look over your research one more time and evaluate your

findings. Identify the software options to consider along with the

associated costs and risks of those options. Your options should

include procurement, development, and open source.

Step 12: Submit the Software

Recommendation Memo

Now that you have weighed the software options, write a memo

recommending an approach to software acquisition for the organization

Use your ideas from the matrix and white paper. Address it to

procurement, with coordination through the chief information officer.

This memo will educate leadership on the importance of making the

right software decisions for the organization, so the memo will describe

the software development life cycle (SDLC) and its applicability to the

current needs of your organization. The three- to five-page

memorandum should accomplish the following:

Articulate the software needs of the organization.

Identify the software options that best meet the organizations

needs.

Make a recommendation for your organization supported by a

rationale.

Describe the key attributes of the software development life cycle

(SDLC).

Describe the weaknesses of commonly used software (word

processing, spreadsheets, email platforms).

Identify any known risks of your recommendation and describe

supply chain risk management your organization could

implement.

Detail the costs involved in your recommendation.

Cite contract language that would be used to ensure that supply

chain, system, network, and operational security were met.

Submit the memo to your instructor.

Check Your Evaluation Criteria

Before you submit your assignment, review the competencies below,

which your instructor will use to evaluate your work. A good practice

would be to use each competency as a self-check to confirm you have

incorporated all of them. To view the complete grading rubric, click My

Tools, select Assignments from the drop-down menu, and then click

the project title.

6.1: Analyze secure software development methodologies and

describe the cybersecurity issues that each methodology

addresses.

6.4: Systems Life Cycle: Explain systems life cycle management

concepts used to plan, develop, implement, operate, and

maintain information systems.

9.4: Software Security Assurance: Demonstrate secure principles,

methods, and tools used in the software development life cycle.

9.5: Software Security Assurance: Describe the cybersecurity

implications related to procurement and supply chain risk

management.

Submission for Software Recommendation Memo

Previous submissions

0

Drop files here, or click below