Implementing Software Security Assignment Help
Describe the steps you would take in setting up such a program. Which model would you select? What would be your initial priorities?
How will you monitor the progress of your program?
Introduction
With the advancement of technology, most companies have implemented software that supports their business functions. A software development program is a framework used by organizations to design applications, from inception through to decommissioning. With the increase in business risk arising from insecure software, the demand for introducing a secure software development program in organizations has grown. A secure software development program is created by adding security-related activities to the existing software program (Christakis & Bird, 2016). The present report outlines the steps involved in implementing software security in a mid-sized company.
Steps involved in setting of secure software development program
The implementation of a secure software development program needs to follow a stepwise procedure.
The first step is studying the culture of the organization. The organizational culture must be examined while planning a new software development program. This includes the response of upper management and the engineering team towards corporate mandates. Considering the culture of the organization is necessary so that the staff can readily adopt the program. The key managers whose involvement is needed to support and communicate the security initiative are then identified. After that, expert engineering teams are selected to conduct a pilot of the program (Takanen, Demott, Miller, & Kettunen, 2018).
The second step involves analysing the skills required to operate the program. In this step, technical training is provided to the employees working on the program so that they understand how it works and can achieve the desired output. For this purpose, the expertise the secure development program requires in the company, such as cryptography or threat modelling expertise, is identified and training is provided accordingly.
The third step is aligning the program with the product development model. Executing this step minimizes friction with engineers and helps them move faster by incorporating security tools into the way they already build software.
The fourth step is to identify the scope of the initial deployment of the program. Companies implementing a secure development program often face resource constraints. In such a situation, they need to find ways to prioritize the roll-out across the company. Suggested options for prioritizing the roll-out include (i) starting with a subset of the secure development program rather than a full-scale implementation, (ii) considering the product release roadmap, and (iii) allowing time for the transformation to full adherence (Takanen et al., 2018).
The fifth step is stakeholder management. It involves identifying the stakeholders needed to use existing communication channels and roll out the program. In this step, compliance measurement is also conducted, where a new set of security guidelines is followed. Risk control measurement acts as a compliance indicator for the program.
The final step is to ensure that the value proposition of the program is articulated in business terms. This step is necessary because, at some point, the engineering team or the management team may question the funding behind software security. Thus, a mature development program needs good indicators for articulating its value, which in turn drives appropriate behaviour among employees.
The model selected for secure software development program
The secure software development program selected for the given mid-sized company is the Software Assurance Maturity Model (OpenSAMM). OpenSAMM is chosen for the company because it is highly flexible and can be customized according to the company's requirements. It was developed by the OWASP project in 2009 and has undergone several updates to date (Haq, Anwar, Ahsan, & Afzal, 2017). The company can use it as a base and then adjust it to suit its situation. Due to its flexibility, OpenSAMM is an appropriate framework for small, medium and large enterprises. In addition, the model can be applied organization-wide, to an individual project, or to a single line of business. Being an open framework, its content is vendor-neutral and is always freely available for public use. It helps the company focus on its existing resources and determine which components of the secure software development program need prioritization (Haq et al., 2017). OpenSAMM emphasizes mapping software development activities onto business functions, each containing security practices. It is comprehensive, covering all aspects of application security, and allows evaluation of each application within 1 hour.
Initial priorities for setting up the program
For setting up the OpenSAMM model in the security development program, four priorities (business functions) need to be followed.
The first priority is Governance, which defines the way application security is to be managed. This functional area is subdivided into three practices: strategy and metrics, education and guidance, and policy and compliance. Strategy and metrics focuses on generating an organization-wide framework for measuring security assurance. Education and guidance focuses on educating people about software security. Policy and compliance emphasizes creating interest among employees in adhering to the security requirements.
The second priority is Construction, which explains the approach (processes and activities) by which software is to be built. It is further subdivided into security requirements, threat assessment, and secure architecture. To determine security requirements, it is necessary to understand the business requirements for the software. In threat assessment, potential threats to the software are analysed. Secure architecture addresses the security of the software's design and framework.
The third priority is Verification, which defines the activities required to test that the software is secure and to ensure the modules are built correctly (Kalaimannan & Gupta, 2017). It is also subdivided into three practices: design review, code review, and security testing. The design review practice emphasizes reviewing design artefacts to check that the software's design is secure. The code review practice emphasizes identifying security vulnerabilities through static analysis of the source code. Security testing checks the secure functioning of the software and identifies potential security vulnerabilities in the software at run time.
The fourth priority is Deployment, which explains the method required for deploying and supporting applications in production. The deployment business function is further subdivided into environment hardening, operational enablement, and vulnerability management.
Environment hardening emphasizes securing and baselining the operational environment, which in turn improves the security of the deployed software in the company's network. The operational enablement practice focuses on building a constructive working relationship between operations and the development team (Kalaimannan et al., 2017). The vulnerability management practice works by tracking vulnerabilities reported by external researchers and by the internal security team.
Ways for monitoring the progress of the software development program
After the implementation of the software development program, it is the responsibility of the engineering team and the management team to monitor the development of the program at regular intervals. For this purpose, software metrics can be used as a measure of the software. Software metrics are related to the four functions of management: organization, planning, control, and improvement. To check the progress of the software development program, the software metrics are communicated to the software development team as predefined goals. This approach helps to reduce the lines of code and the number of reported bugs and, eventually, to increase the speed of task completion.

Another approach to monitoring progress is to track the trend rather than just the numbers. Monitoring trends shows the impact of any process change on the overall progress. If the ongoing trend shows progress towards the objective, it offers insight into how to achieve the goal. A further method is to set shorter measurement periods for the software development team to measure progress. By breaking the overall measurement time into smaller time frames, the team can readily see whether the trend is approaching progress or failure (Tung, Lo, Shih, & Lin, 2016). In this way, if the trend is moving towards failure, the development team can modify the software for productive output. Furthermore, a shorter period provides numerous data points which can be used for goal achievement.

In conjunction with examining progress, it is equally important for the development team to monitor the software for external threats such as data breaches. A breach leads to the disclosure of confidential information and becomes a threat to the continuity of business operations. In this context, each employee needs a detailed understanding of the business's regulatory policies and compliance requirements. The users of the software are given additional training in risk identification and technical control implementation.
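To make the trend-based monitoring concrete, the following added example (not from the report or the OpenSAMM project) scores the twelve OpenSAMM practices described above into a per-business-function maturity score for each assessment period and flags functions that have regressed or stalled below a target level. The 0-3 maturity levels and the quarterly assessments are constructed sample data.

```python
"""Track OpenSAMM maturity per business function across assessment periods."""
from statistics import mean

# The four business functions and their security practices, as laid out in the report.
SAMM_PRACTICES = {
    "Governance":   ["Strategy & Metrics", "Education & Guidance", "Policy & Compliance"],
    "Construction": ["Security Requirements", "Threat Assessment", "Secure Architecture"],
    "Verification": ["Design Review", "Code Review", "Security Testing"],
    "Deployment":   ["Environment Hardening", "Operational Enablement", "Vulnerability Management"],
}

def function_scores(assessment):
    """Average the 0-3 maturity level of each practice into one score per business function."""
    scores = {}
    for function, practices in SAMM_PRACTICES.items():
        levels = [assessment[p] for p in practices]
        if any(not 0 <= lv <= 3 for lv in levels):
            raise ValueError(f"maturity level out of range in {function}")
        scores[function] = round(mean(levels), 2)
    return scores

def trend_report(periods, target):
    """Compare the two most recent periods per function.

    `periods` is an ordered list of (label, assessment) pairs; shorter periods give
    more data points, as the report recommends. Returns the score history and a list
    of (function, finding, previous_score, latest_score) tuples.
    """
    history = [(label, function_scores(a)) for label, a in periods]
    findings = []
    for function in SAMM_PRACTICES:
        series = [scores[function] for _, scores in history]
        latest = series[-1]
        previous = series[-2] if len(series) > 1 else latest
        if latest < previous:
            findings.append((function, "regressed", previous, latest))
        elif latest == previous and latest < target:
            findings.append((function, "stalled below target", previous, latest))
    return history, findings

# Constructed quarterly assessments: practice name -> maturity level 0..3.
def _q(levels):
    return dict(zip([p for ps in SAMM_PRACTICES.values() for p in ps], levels))

SAMPLE_PERIODS = [
    ("Q1", _q([1, 1, 0,  1, 0, 1,  0, 1, 0,  1, 1, 1])),
    ("Q2", _q([1, 2, 1,  1, 1, 1,  1, 1, 1,  1, 1, 1])),
    ("Q3", _q([2, 2, 1,  1, 1, 1,  1, 1, 0,  1, 1, 1])),
]

if __name__ == "__main__":
    history, findings = trend_report(SAMPLE_PERIODS, target=2)
    for label, scores in history:
        print(label, scores)
    for finding in findings:
        print("FINDING:", *finding)
```

On the sample data Governance improves each quarter, Verification regresses in Q3 (Security Testing drops back to 0), and Construction and Deployment sit unchanged below the target of 2, which is exactly the kind of signal a per-period trend shows and a single aggregate number hides.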
Conclusion
In brief, the present report illustrates the steps involved in implementing a secure software development program. For the given mid-sized company, the OpenSAMM model of software security program has been selected for its flexibility. Important concepts related to software security, such as the priorities for setting up the program and the methods for monitoring it, are discussed in detail. It is believed that the information provided here will prove useful to other organizations implementing software security.