cy513_project_Project 2.docx

School: University of West Alabama

Course: 513
Subject: Information Systems
Date: Dec 6, 2023
Type: docx
Pages: 14

Uploaded by ProfessorSalmon327 on coursehero.com

Project: Software Assurance & Security
Katie
University of West Alabama
CY513 - Software and Systems Reliability and Safety
Dr. Perez

Table of Contents

Abstract
Project Overview
Literature Review
Rationale
Summary of Findings
Recommendations & Conclusion
References

Abstract

The purpose of this research project is to prepare a report on software assurance and security. The researcher assumes the role of Chief Information Security Officer for a mid-size software development company. It is important to understand the role and what it entails. The research will explain the importance of the role, what the officer does, and the officer's tasks, along with methods to carry them out. The research will provide methods, standards, and best practices related to developing secure software. It focuses on the information security program of a mid-size software development company, which includes securing the organization's various assets: the applications used in the organization, the systems used in its workplace, and the technology implemented across it. This research will show why it is important to implement secure software development methods, what doing so entails, and why there is a business case for it. We will review the findings of our research, which include a summary of secure software development best practices, standards, requirements, and methods. The research will also include recommendations and comments on what steps to take to ensure that the software development organization is developing secure and safe software.

Project Overview

For anyone assuming the position of Chief Information Security Officer (CISO), it is important to know the role. The CISO develops secure processes to ensure that systems are protected from outside attacks, develops processes to avoid cyber-attacks as well as to detect and mitigate them, and manages the risks associated with newer technology. The CISO implements frameworks and strategies to ensure that cybersecurity is implemented across the various components of the organization. The CISO also develops and justifies the organization's investments in cybersecurity and ensures that cybersecurity compliance requirements are followed and implemented within the organization.

Reviewing scholarly articles, the researcher will provide methods, standards, and best practices that relate to developing secure software. This will include information security programs that secure the various assets of the organization and why they are important. The research will include seven scholarly articles to support its findings. The articles will support why software development organizations should implement secure software development methods. The research will discuss which methods are involved and what it takes to ensure secure software development. The research will support software development best practices, standards, requirements, and methods. The research will detail steps that organizations should take to help ensure they are developing secure and safe software. It will go into detail on how methods, best practices, and standards should be implemented and how organizations can accomplish this.

Literature Review

Software needs to be designed, built, delivered, and maintained efficiently to be safe and secure. The research shows the importance of software assurance and security and supports the importance of secure coding. It suggests that, no matter the type of software or its functionality, risks and vulnerabilities are mitigated by implementing security through all phases. Managing the threats we face today in cyberspace requires a layered system of security, with vendors building more secure software, integrators ensuring that the software is installed correctly, operators maintaining the system properly, and end users using the products in a safe and secure manner.

Software assurance is the level of confidence that software functions as intended and is free of vulnerabilities, whether intentionally or unintentionally designed or inserted as part of the software throughout the lifecycle (Mead, N. R., Allen, J. H., Conklin, W. A., Drommi, A., Harrison, J., Ingalsbe, J., ... & Shoemaker, D., 2009). Software assurance incorporates the development and implementation of methods and processes for guaranteeing that the software functions as intended. It mitigates the risks of vulnerabilities, malicious code, or weaknesses that could bring harm to end users. Security training, coding standards, policies, testing, and techniques all contribute to software assurance (Black, P. E., Guttman, B., & Okun, V., 2021). It is vital for securing critical information technology resources and for addressing assurance through every stage of application development.

An organization cannot have software assurance without software security. The goal of software security is to maintain the confidentiality, integrity, and availability of information resources to enable successful business operation, which is accomplished through security controls (Sodanil, M., Quirchmayr, G., Porrawatpreyakorn, N., & Tjoa, A. M.