Katie Coelman_cy513_project part 1
docx
keyboard_arrow_up
School
University of West Alabama *
*We aren’t endorsed by this school
Course
513
Subject
Information Systems
Date
Dec 6, 2023
Type
docx
Pages
8
Uploaded by ProfessorSalmon327
Project: Software Assurance & Security
Katie Coleman
University of West Alabama
CY513 - Software and Systems Reliability and Safety
Dr. Perez
Table of Contents
Abstract
3
Project Overview
4
Literature Review
5
Rationale
6
Summary of Findings
7
Recommendations & Conclusion
8
References
9
Abstract
The purpose of this research project is to prepare a report on software assurance and
security. The research will assume the role as the Chief Information Security Officer for a mid-
size software development company. It is important to understand the role and what the role
entails. The research will detail the importance of the role in detail and explain what the officer
does and tasks along with methods to implement them. The research will provide methods,
standards, and best-practices related to developing secure software. Through focusing on the
information security program in a mid-size software development company that includes
securing various assets of the organization which includes applications used in organization,
systems used in the workplace of the organization and technology implemented across the
organization. With this research we will find why it is important to implement secure software
development methods. It will show what it entails and why there is a business case for doing so.
We will review the findings of our research which includes the summary of secure software
development best practices, standards, requirements, and methods. This research will include
recommendations and comments in regards of what steps to take to ensure the software
development organization is developing secure and safe software.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
Project Overview
Assuming the position of the Chief Information Security Officer, CISO, it is
important to know the role. The CISO develops secure processes to ensure that the systems are
secure from outside attacks, develop processes to avoid cyber-attacks along with detecting and
mitigating the same, manage risks associated with the newer technology. The CISO implements
framework and strategies to ensure that cybersecurity is implemented across various components
of the organization. The CISO develops and justifies the investments done by the organization in
cybersecurity and also ensures that cybersecurity compliance are followed and implemented
within the organization. Reviewing scholarly articles, the researcher will provide methods,
standards, and best-practices that relate to developing secure software. This will include
information security programs that secure various assets of the organization and why it is
important. This research will include seven scholarly articles to support our research findings.
The articles will support why software development organization should implement secure
software development methods. The research will discuss what methods and what all it entails to
ensure secure software development methods. The research will support software development
best practices, standards, requirements, and methods. The research will detail steps that
organizations should take that will help ensure they are developing secure and safe software. It
will go into details on how methods, best practices and standards should be implemented and
how organization can accomplish them.
Literature Review
Software needs to be designed, built, delivered, and maintained efficiently to be safe and
secure. The research shows the importance of software assurance and security and supports the
importance of secure coding. The research suggests and supports …..?
Managing the threats we
face today in cyberspace requires a layered system of security, with vendors building more
secure software, integrators ensuring that the software is install correctly, operators
maintaining the system properly, and end users using the products in a safe and secure
manner.
Software assurance is the level of confidence that a software functions as intended and is free of
vulnerabilities, either intentionally or unintentionally designed or inserted as part of the software
throughout the lifecycle.
Software assurance encompasses the development and implementation
of methods and processes for ensuring that software functions as intended while mitigating the
risks of vulnerabilities, malicious code or defects that could bring harm to the end users. It is
vital for securing the security of critical information technology resources and addressing
assurance through every stage of application development.
Software security is critical because attacks on a system can cause extreme damage to
any piece of software while compromising integrity, authentication, and availability.
Secure software development helps organization develop secure software that is resistant to
attacks and can protect sensitive data. There are best practices for administrating security in
software application and should be done in each stage of software development lifecycle (
Khan,
R. A., Khan, S. U., Alzahrani, M., & Ilyas, M., 2022.)
Security training is needed to the development
team and employees to be well-versed in information security. Defining security reequipments
needs to be done in the early stages of product development. In the early design phase,
identifying and addressing potential threat to the application and ways to reduce those risks to a
minimal level. The product development team should implement secure programming practices.
Careful handling of source code is another best practice. Security testing will guarantee that the
security requirements are met, and the secure design and coding guidelines were followed.
Security documentation must include treatment of security issues and how to properly configure
security controls and how configure options could expose potential security vulnerabilities. The
developer needs to evaluate, document, and assess risks posed by potential security gaps in the
product and ensure security readiness for the system. Another best practice is security response,
making sure any security vulnerabilities are handled through incident response and
communicated to mitigate the vulnerability. Ensuring an integrity verification such as signed
code for verifying that the software is produced by a trusted vender. Investigating into new
technologies which delivers news threats vectors and mechanisms to mitigate the threats and
vulnerabilities. Leaders promoting software assurances by discussing their practices, findings in
open forums, articles, papers, and books.
Secure coding protects against secrets and business data from leaking into the public
domain. Programmers need to practice secure coding skills. This means that inspecting the
application source code to help identify the vulnerabilities because of coding errors and
implementing secure programming practices that reduce frequency and severity of the coding
errors. Secure coding practices include reviewing the source code with the use of combination of
analysis tools for identifying potential security defects. Much like xxx “secure coding practices is
a guideline of implementing a secure software development framework in order to mitigate most
common software vulnerabilities”
Software Development
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
There are several different software development methodologies, but they all share common
elements which are: concept, requirements, design and documentation, programming, testing,
integration and internal evaluation, release, and maintenance, sustaining engineering and incident
response.
Sodanil, M., Quirchmayr, G., Porrawatpreyakorn, N., & Tjoa, A. M. also states that
SDL there are seven processes: training, requirement, design, implementation, verification,
release, and response. Khan, R. A., Khan, S. U., Alzahrani, M., & Ilyas, M. also states that the
common phases of software development lifecycle include requirement, design, coding, testing,
deployment, and maintenance.
Graff, M., & Van Wyk, K. R. (2003).
Secure coding: principles and practices
. " O'Reilly Media, Inc.".
https://books.google.com/books?
hl=en&lr=&id=dD60dU9Xvj4C&oi=fnd&pg=PR11&dq=secure+coding+for+software+develop
ment+organization+&ots=jZW2ogpax4&sig=hzIBOHAEGdLbx1Ch5Vwb2hetTf4#v=onepage&
q=secure%20coding%20for%20software%20development%20organization&f=false
Khan, R. A., Khan, S. U., Alzahrani, M., & Ilyas, M. (2022). Security assurance model of software
development for global software development vendors.
Ieee Access
,
10
, 58458-58487.
https://ieeexplore.ieee.org/abstract/document/9782440
Mead, N. R., Allen, J. H., Conklin, W. A., Drommi, A., Harrison, J., Ingalsbe, J., ... & Shoemaker, D.
(2009). Making the Business Case for Software Assurance.
https://citeseerx.ist.psu.edu/document?
repid=rep1&type=pdf&doi=d0b53c7de5728eca0ff7fc92adb1836074760f3a
Black, P. E., Guttman, B., & Okun, V. (2021). Guidelines on minimum standards for developer verification
of software.
arXiv preprint arXiv:2107.12850
.
https://arxiv.org/pdf/2107.12850.pdf
Wagner, E. L., Scott, S. V., & Galliers, R. D. (2006). The creation of ‘best practice’software: Myth, reality
and ethics.
Information and Organization
,
16
(3), 251-275.
https://www.sciencedirect.com/science/article/abs/pii/S1471772706000121
https://www.researchgate.net/profile/Erica-Wagner-
4/publication/30522511_The_creation_of_'best_practice'_software_Myth_reality_and_ethics/lin
ks/5cf18366299bf1fb184e747b/The-creation-of-best-practice-software-Myth-reality-and-
ethics.pdf
Williams, L. (2010). Agile software development methodologies and practices. In
Advances in
computers
(Vol. 80, pp. 1-44). Elsevier.
https://www.sciencedirect.com/science/article/abs/pii/S0065245810800014
Sodanil, M., Quirchmayr, G., Porrawatpreyakorn, N., & Tjoa, A. M. (2015, July). A knowledge transfer
framework for secure coding practices. In
2015 12th International Joint Conference on Computer Science
and Software Engineering (JCSSE)
(pp. 120-125). IEEE.
https://ieeexplore.ieee.org/abstract/document/7219782
van Wyk, K. R., & McGraw, G. (2005). Bridging the gap between software development and information
security.
IEEE Security & Privacy
,
3
(5), 75-79.
https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=1514408