System Development or Application Assurance
School: The University of Nairobi
Course: CA205
Subject: Information Systems
Date: Nov 24, 2024
Pages: 8
System Development or Application Assurance
Student’s Name
Institutional Affiliation
Assess Software Vulnerabilities
Software Vulnerability Assessment Template
The assignment is to create a more comprehensive list of application software that could place the enterprise at risk of a breach, loss of data, loss of production, and/or loss of brand confidence.
Application Software that Could Present Vulnerabilities
Review Software Procurement Policy
Upon completion of the software-specific vulnerability assessment, conduct a review of the organization's software procurement policies for software development methods.
Create a Software Procurement Policy List. The following are some sample questions to be included in a software procurement policy:
Does the vendor provide any cybersecurity certifications with the product?
Does the vendor provide access to the source code for the product? Are there other security issues in the source code to be addressed?
What is the guaranteed frequency of security updates to be provided for the product?
What is the implementation process for software updates/upgrades?
Procurement Policy List Template
List appropriate procurement policies to address concerns in the process of software evaluation and acquisition
Procurement Policy List
Document Relevant Software Acceptance Policies
In other words, do the procurement policies establish the correct cyber security framework for software purchase and do the acceptance policies match?
Software Acceptance Policy Template
Copy the policy list from the previous step into the column on the left. In the column on the right, document your recommendations for specific testing steps to address each of the policy concerns.
Procurement Policy List | Test Script Procedures for Software Acceptance
Document Software Testing and Validation Procedures
At a minimum, the procedures should address the following questions:
What are potential vulnerabilities inherent in the application platform?
How well does the vendor document preventive measures built into the application?
Are there alternative solutions provided by the vendor or in the application in case of a breach?
What additional safeguards can be added to ensure the security of the software environment?
Test Script Procedures Template
Procurement Policy Concern | Specific Testing Recommendation to Address Each Policy Concern
Document Supply Chain Risks
After review, it's time to document supply chain risks. This portion of the overall report requires a two- to three-page narrative that addresses the following supply chain concerns:
1. Describe cybersecurity implications related to the procurement process.
2. Provide recommendations that would address these concerns.
3. Include appropriate supply chain risk management practices.
Where appropriate, cite references to support the assertions in the recommendations and conclusion.
Develop an Acquisition Alignment Report
Keeping the alignment issues in mind from the previous step, prepare a one-page plan to align acquisition, procurement, and outsourcing of software applications for the enterprise. This should be a strategic approach to getting all the functions in alignment. Start with a request for information, proceed through acquisition, testing, and implementation, and finish with ongoing maintenance of the application.
All the work has been done in the previous steps. This step is designed to "bring it all together" in one easy-to-understand approach. The approach will be used in the final step to complete the supply chain analysis with a mitigation plan as it applies to software acquisition and maintenance.
Submit your one-page plan to align acquisition, procurement, and outsourcing efforts with your organization's information security goals here for feedback.
Write the Risk Analysis/Supply Chain Threats/Mitigation Report
Title Page
o Include: for whom you are preparing the document, the title, the date prepared, and your name as the preparer of the document
Table of Contents
o with all sections
Overview
o Include: introduction and purpose of the report
Software Vulnerability Assessment (one-column table from Step 1)
o comprehensive list of application software that could present vulnerability concerns
Procurement Policy List and Acceptance Procedures (two-column table from Step 4)
o Policies of concern and specific procedures to test them
Testing and Validation Procedures (from Step 6)
o Include specific testing and validation recommendations
Supply Chain Cyber Security Risk (two- to three-page report, Step 9)
o Include: identified cybersecurity risks in the procurement process of the supply chain, the related concerns, and security recommendations
Acquisition Alignment (one-page report, Step 11)
o Include: recommendations for alignment of the supply chain processes from start to ongoing maintenance
Software Risk Mitigation Recommendations (two- to three-page report, Step 13)
o Include: proposed software risk mitigation recommendations