Applications & Systems Development A very brief overview of the SDLC and the security issues involved.


1 Applications & Systems Development A very brief overview of the SDLC and the security issues involved.

2 Generic Systems Engineering Process
– Discover Needs
– Define System Requirements
– Design System Architecture
– Develop Detailed Design
– Implement System
– Assess Effectiveness of System

3 A simplistic software development model
[Diagram stages: System Requirements, Software Requirements, Analysis, Program Design, Coding, Testing, Operations & Maintenance]

4 The Waterfall development model
[Diagram stages: System Requirements, System Requirements, Analysis, Design, Coding, Testing, Operations & Maintenance]
Going back only one stage limits rework and enhances control

5 A modified Waterfall development model that enforces comparison against specific baselines
[Diagram stages: System Requirements, Software Requirements, Product Design, Coding, Integration, Product Implementation, Operations & Maintenance]
[Diagram checks: Validation, Verification, Unit Testing, Verification, System Test, Revalidation]
Verification: doing the job right
Validation: doing the right job

6 The Spiral Model

7 Cost Estimation Models :-)
Basic COnstructive COst MOdel (COCOMO)
– Cost as a function of lines of code
– Man Months (MM) = 2.4 * 1000s of delivered source instructions
– Development Schedule = 2.5 * (MM)^0.38
Function Point Measurement Model
– I/O types, internal file types, interfaces, etc.
Software Life Cycle Model (SLIM)
– Manpower buildup index
– Productivity factor

8 Security life cycle components
[Diagram: modified Waterfall stages with their validation and verification checks]
Info sec policy, standards, legal issues, early validation of concepts

9 Security life cycle components
[Diagram: modified Waterfall stages with their validation and verification checks]
Threats, vulnerabilities, sec requirements, reasonable care, due diligence, legal liabilities, cost/benefit, level of protection desired, test plans, validation

10 Security life cycle components
[Diagram: modified Waterfall stages with their validation and verification checks]
Incorporating security specs, adjust system & security test plans & data, determine access controls, design docs, evaluate encryption options, verification, business continuity plans

11 Security life cycle components
[Diagram: modified Waterfall stages with their validation and verification checks]
Develop security related code, unit testing, reuse other modules if possible, support business continuity plans, docs

12 Security life cycle components
[Diagram: modified Waterfall stages with their validation and verification checks]
Integrate security components, test integrated modules per plans, refine docs, conduct security related product verification

13 Security life cycle components
[Diagram: modified Waterfall stages with their validation and verification checks]
Install security software, run system, conduct acceptance testing, test security software, certify docs & accreditation (if necessary)

14 Security life cycle components
[Diagram: modified Waterfall stages with their validation and verification checks]
Revalidate security controls, penetration testing, vulnerability analyses, manage change requests, implement change control, make changes, evaluate performance, update docs, recertify

15 Testing
– Unit testing
– Done by separate personnel
– Check all I/O, modules, files, security, etc.

16 Extreme Programming (XP) Principles
– Feedback: most useful if it is done rapidly.
– Assuming simplicity: treating every problem as if it can be solved "extremely simply".
– Incremental changes: small releases
– Embracing change: not working against changes but embracing them.

17 Manifesto for Agile Software Development
We are uncovering better ways of developing software by doing it and helping others do it. Through this work we have come to value:
– Individuals and interactions over processes and tools
– Working software over comprehensive documentation
– Customer collaboration over contract negotiation
– Responding to change over following a plan
That is, while there is value in the items on the right, we value the items on the left more.

18 Maintenance Phase
1. Request Control
– Establish request priorities, do cost estimates
– User interface
– Determine tools to use, determine change effects on other code
2. Change Control
– Recreate & analyze the problem
– Develop changes & tests
– Quality control
– Document changes, & recertify
3. Release Control

19 Software Capability Maturity Model (CMM)
Phase 1: Initiate
– Format improvement initiative
– Management approval
Phase 2: Diagnose
– Assess current systems
Phase 3: Establish Action Plan
Phase 4: Action
Phase 5: Leverage
– Review changes and process looking for improvements

20 Object Oriented Systems
– OO Requirements Analysis
– OO Analysis
– Domain Analysis
– OO Design
– OO Programming
– Object Request Brokers: CORBA, SOAP

21 Artificial Intelligence Systems
Expert Systems (ES)
– Algorithm + data structures = Normal Program
– Inference engine + knowledge base = ES
Blackboards
Bayesian Networks
Fuzzy logic
Neural Networks: weighted inputs to “neurons” yield outputs, “training period”
Genetic Algorithms: evolutionary computing, fitness values, cross breeding, mutation

22 Database Systems
– Hierarchical
– Mesh
– Object Oriented
– Relational

23 DB Security Issues
Views
Granularity
Aggregation:
– Combining higher sensitivity with lower
Inference
– Users “guessing” higher level values
Multiple connections, backups, etc.
Data warehousing & mining

24 Application Controls
Service Level Agreements
– Turn around time, avg response time, number of users, system utilization rates, up times, transaction volumes, problem resolution
Control Types
– Preventative
– Detective
– Corrective

25 Preventative Controls
Accuracy
– Data checks, forms, custom screens, validity checks, contingency planning, & backups
Security
– Firewalls, reference monitors, sensitivity labels, traffic padding, encryption, data classification, one-time passwords, separation of development & testing
Consistency
– Data dictionary, programming standards & database

26 Detective Controls
Accuracy
– Cyclic redundancy checks, structured walk-throughs, hash totals, reasonableness checks
Security
– Intrusion detection systems, audit trails
Consistency
– Comparison controls, relationship tests, reconciliation controls
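
The accuracy controls named on slide 26 (cyclic redundancy checks, hash totals, reasonableness checks) can be sketched as a batch trailer that the receiver recomputes. This is an added example, not part of the original slides; the record layout, field names and the amount limit are assumptions, and the sample batches are constructed.

```python
import zlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Txn:
    account: int        # non-monetary field, summed only to form the hash total
    amount_cents: int

def control_totals(batch):
    """Sender-side batch trailer: record count, amount total, hash total, CRC32."""
    payload = "".join(f"{t.account}:{t.amount_cents}\n" for t in batch).encode()
    return {
        "count": len(batch),
        "amount_total": sum(t.amount_cents for t in batch),
        "hash_total": sum(t.account for t in batch),  # meaningless sum, detection only
        "crc32": zlib.crc32(payload),
    }

def check_batch(batch, trailer, max_amount_cents=1_000_000):
    """Receiver-side detective checks; returns a list of findings (empty = clean)."""
    actual = control_totals(batch)
    findings = [f"{k} mismatch"
                for k in ("count", "amount_total", "hash_total", "crc32")
                if actual[k] != trailer[k]]
    # Reasonableness check: each amount must be positive and under the assumed limit.
    for i, t in enumerate(batch):
        if not 0 < t.amount_cents <= max_amount_cents:
            findings.append(f"record {i}: amount out of range")
    return findings

# Constructed sample batch and the trailer the sender would attach to it.
SENT = [Txn(100234, 12_500), Txn(100871, 99_900), Txn(104410, 4_250)]
TRAILER = control_totals(SENT)

# Two amounts altered so the amount total still balances: only the CRC notices.
OFFSETTING = [Txn(100234, 12_600), Txn(100871, 99_800), Txn(104410, 4_250)]
# One account number altered: amounts balance, the hash total does not.
REDIRECTED = [Txn(100234, 12_500), Txn(100999, 99_900), Txn(104410, 4_250)]
# Last record lost in transit: every total disagrees.
DROPPED = SENT[:2]

if __name__ == "__main__":
    for name, batch in [("sent", SENT), ("offsetting", OFFSETTING),
                        ("redirected", REDIRECTED), ("dropped", DROPPED)]:
        print(name, check_batch(batch, TRAILER))
```

None of these totals is keyed, so they detect accidental loss or corruption, not changes by someone who can also rewrite the trailer; that case needs a MAC or signature over the batch.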

27 Corrective Controls
Accuracy
– Backups, control reports, before/after imaging, checkpoint restarts
Security
– Emergency response & reference monitor
Consistency
– Program comments & database controls

28 System Architecture Issues
Distributed Systems
– Agents, applets, “sandbox,” virtual machines
– P2P
Centralized
– Easier to protect
Real Time

