CMP 610 UMGC Software Development Life Cycle Paper
Project 3: Software Weaknesses
Step 3: Explore the Software Development Life Cycle (SDLC) (1 page)
Now that you understand SCRM, you will complete a software development life cycle assessment. The software development life cycle (SDLC) is a process used to develop, maintain, replace, and change software. The overall purpose of SDLC is to improve the quality of software through the development and implementation process.
As part of your assessment, include the following information:
- Note how various entities are currently using SDLC to implement software.
- Identify and take note of successful implementations, describing the results.
- Identify software development methodologies for common software applications and cybersecurity standards organizations.
Step 4: Identify Key Implementation Attributes (1 page)
In the previous step, you explored SDLC, the ways other organizations are implementing it, and best practices. Now, you are ready to guide your own organization through the process of developing software.
Start by considering the needs of your organization. Currently, the accounting month-end closing procedures involve extracting data from the accounting database into spreadsheets, running macros within the spreadsheets, uploading new data into the accounting database, and emailing generated spreadsheet reports and word processing memos. Brenda, the director of Accounting Systems, would like this process automated without putting financial data at risk during or after the implementation.
Review topics on databases for operational data, database management systems, and how a database works.
Based on this needs analysis, you decide to focus on the SDLC maintenance phase:
- Identify the key factors to successful maintenance and the implementation of this phase.
- Identify potential obstacles to success and ways to anticipate and mitigate them.
Step 5: Examine Software Assurance (1 page)
Businesses depend on the safe operations of systems. The level of confidence a business or other entity has that its software is free from vulnerabilities is referred to as software assurance (SwA). As the final step before your assessment, research SwA and other topics related to preventing and fixing software vulnerabilities.
In your research, make sure to complete the following:
- Evaluate the major steps, underlying theory, and relative usefulness of software security testing, white box and black box software security testing, the Common Criteria/Common Criteria Evaluation and Validation Scheme (CCEVS), and the Common Criteria (CC) for Information Technology Security Evaluation.
- Identify and evaluate state and federal cybersecurity policies underlying the application, scope, and selection of secure software development methodologies.
- Determine when to perform a risk analysis.
- Evaluate security concerns that arise during the acceptance phase of software development.
- Describe the testing and validation process from a cybersecurity policy standpoint.
- Identify the ways in which SwA ensures trustworthiness, predictable execution, and conformance.
- Identify SwA best practices.
- Identify innovations in the provision of SwA that you have found in your research.
Step 6: Prepare a Software Development Life Cycle Assessment (5 pages)
Integrating the information that you have gathered on software development in the last few steps, develop a five-page summary assessment of the software development life cycle, including your view on its importance to software security. This assessment will provide foundational support for your final recommendation.
Be sure to do the following:
- Describe basic models and methodologies of the software development life cycle.
- Identify a development methodology that fits your organization and explain why.
- Describe the phases of the software life cycle.
- List and discuss the security principles you would need to consider and explain how you would apply them throughout the software life cycle.
- Describe the elements of a maturity model.
Step 6: Five-page summary.
- Introduction
- Phases of SDLC (1 para)
- Basic models and methodology (4-5 paragraphs)
- Security principles you need to consider and explain how you would apply them (1 para)
- Elements of a Capability Maturity Model (1 para)
- Conclusion
- References