User Account

All Pages

Prepare a plan for the training of the software developers

Assignment Help Software Engineering
Reference no: EM131726508

Throughout this course you will be working on several aspects of software assurance and the security development life cycle (SDLC), which will result in a complete software assurance guidelines document for a company of your choosing. Software assurance promotes standards, processes, tools, and techniques to produce software with a reduced risk of security breaches.

Each week, you will complete a part of the software assurance guidelines document. The final draft is due at the end of the course.

You will select an organization, and apply your research to the analysis and development of software assurance policies and processes that would be appropriate for the organization and the software applications they produce for the government. Additional information and the deliverables for each Individual Project will be provided in the assignment description for the project. This is the course's Key Assignment, which you will make contributions to each week.

Project Selection:

The first step will be to select an organization as the target for your software assurance guidelines document. This organization will be used as the basis for each of the assignments throughout the course and should conform to the following guidelines:

• Nontrivial: The selected organization should be large enough to allow reasonable exercise of the software assurance guidelines planning process.

• Domain Knowledge: You should be familiar enough with the organization to allow you to focus on the planning tasks without significant time required for domain education.

• Accessibility: You should have access to the people and other information related to the organization. This will be an important part of the planning process.

The selected organization may already have software assurance guidelines in place and still be used as the basis for the projects in this course. The selected organization must produce software applications for the government, and is therefore subject to software assurance requirements. It is understood that such an organization may not be readily accessible. Therefore, you may feel free to identify a hypothetical organization that meets the requirements. Any necessary assumptions may be made to fulfill the requirements of organization selection.

Select an existing organization, or identify a hypothetical organization that fits the requirements listed above. Submit your proposal to your instructor before proceeding further with the assignments in the course. Approval should be sought within the first several days of the course. Your instructor will tell you how to submit this proposal and what notification will be given for project approval.

Assignment:

For the assignments in this course, you will not be implementing any software assurance policies or procedures. You will be developing a comprehensive software assurance guidelines document. Your first task in this process will be to select an organization (or identify a hypothetical organization) to use as the basis of your projects. You will also create the shell document for the final project deliverable that you will be working on during each unit. As you proceed through each project phase, you will add content to each section of the final document to gradually complete the final project deliverable. Appropriate research should be conducted to support the development of your guideline document, and assumptions may be made when necessary.

The project deliverables are the following:

• Submit your organization proposal to instructor for approval.
• Create a software assurance guidelines document shell in Word. It should include the following:

• Create a title page

o Course number and name
o Project name
o Student name
o Date

• Table of contents (TOC)

o Use autogenerated TOC
o Separate page
o Maximum of 3 levels deep
o Update the TOC before submitting your project

• Section headings (create each heading on a new page with "TBD" as content, except for sections listed under New Content below)

o Project Outline
o Security in the Development Life Cycle
o Software Assurance Techniques
o Security in Nontraditional Development Models
o Security Static Analysis
o Software Assurance Policies and Processes

• New Content

o Project outline and requirements

- Brief description of the organization (can be hypothetical) and where the guidelines will be implemented
- Company size, location(s), and other pertinent information
- List of the software applications provided by the company for the government
- The software list must include at least 1 desktop and 1 Web application.
- A database must be used with one of the applications.
- A summary of the software development organization within the company, employees and reporting structure, systems and technologies used for software development, testing, source control, and document storage

- Material can be taken from the approved proposal that was submitted to the instructor (ensure that this project is approved by the instructor).

o Security in the development life cycle

- Provide an outline of the SDLC model that is used in your organization, including each of the major phases.
- This should be a traditional SDLC. Extended models, such extreme programming, will be covered in a later section.
- Identify specific components of the security development model that can be applied to each of the phases of your SDLC model.
- For each pairing of security development model component to SDLC model phase, describe how the security model is applied and the major tasks that are involved.

Complete the Software Assurance Techniques section.

• Analysis:

o List and describe at least 3 software applications that are produced by the organization. The applications must include at least 1 desktop application and 1 Web application.

- One of the applications must use a database for data storage.

o Identify at least 2 areas of each application that are at security risk, and describe the possible threats and their implications to the organization and to the client (in this case, the government).

o For each security risk, identify at least 1 software assurance technique that can be applied to reduce the security threat.

• Guidelines:

o Based on the analysis that was performed in the previous step, prepare a set of software assurance guidelines that the organization can use for all of the applications that it creates.

o Guidelines should be categorized by the type of software application and if the application is using a database for data storage or not.

o Guidelines should identify the software assurance technique to be applied, and they should provide sufficient detail to allow the software development group to implement the technique.

Security in Nontraditional Development Models section:

• Identify a non-traditional software development model that could be used by your company.

• Provide a summary of the major steps in the development model, and describe the potential security threats for each step.

• Using the security development model as the foundation for analysis, develop and document appropriate policies and processes for each security risk that will minimize the threat.

• Association with the security development model should be demonstrated in the policies and processes.

Complete the Security Static Analysis section:

• Prepare a design for an application your organization might produce.

• Include appropriate diagrams to identify the major components of the application.

• Describe the major components and potential security issues where appropriate and as related to the security development model.

• Create code samples in C, C++, or Java to illustrate the tenets of the security development model.

• Identify at least 3 security static-analysis tools, and prepare guidelines for how they would be used in the sample code and throughout the software development in the company

• Software Assurance Policies and Processes section:

• Prepare a plan for the training of the software developers in the organization on the new software assurance guidelines.

• Define the metrics that will be collected to track the effectiveness of software assurance in the company.

o Include a description of how each of the metrics will be obtained and used.

• Identify the roles and responsibilities of the members of the security team with respect to software assurance in the organization.

• Software assurance guidelines document, final version:

• Review the entire document for any changes and improvements you would like to make.

• Ensure that this final version of the plan is sufficiently detailed to allow the organization to confidently move forward with software assurance based on your findings.

• Any previous instructor feedback should be addressed with appropriate changes.

Reference no: EM131726508

Questions Cloud

How many times will this individual visit the doctor now : How much of a premium does the insurance company charge for the policy in part b assuming that the insurance company makes 0 profits?
Define text indicate two social interaction theories : According to the on-lesson and text indicate two social interaction theories that staff at the residential care facility support
How can you help your co-worker understand normalization : How can you help your co-worker understand normalization? Give examples and explanations here that will help him/her get the most out of the conference.
You believe demonstrates that form of co-branding : In your discussion be sure to provide a specific example of a company that you believe demonstrates that form of co-branding.
Prepare a plan for the training of the software developers : Complete the Security Static Analysis Prepare a plan for the training of the software developers in the organization on the new software assurance guidelines.
What is the difference between allopathic and homeopathic : Identify two concepts that you have learned in this course so far and explain why medical students need to be taught these concepts
Why would you want to keep those rights : Is it possible to have a system or database that would not have all CRUD rights?
What is the company inventory turnover ratio : What is the Company's Inventory Turnover ratio for 2015? What inventory cost flow assumption does the Company apply for 2015
What policies can help solve this challenge : What do you think is the most challenge issue we are facing today? What policies can help solve this challenge?

Reviews

Write a Review

Software Engineering Questions & Answers

  Compare the six core processes in the sdlc

Compare the six (6) core processes in the SDLC. Give your opinion on which one you believe is the least important in developing software, and explain why. Give your opinion on which one you believe is the most important in developing software, and..

  Find the common level of instruction

Find the common level of instruction that is needed to increase the knowledge base of all of their users

  Choose a phase in the systems development life cycle and

choose a phase in the systems development life cycle and describe the tasks that make up the phase. what are some

  Use pom-qm for windows software to solve forecasting problem

The purpose of this simulation project is to provide you with an opportunity to use the POM-QM for Windows software to solve a forecasting problem

  Describe two requirements of the software as service

Describe two requirements of the software as service and the subscription economy as outlined in the Forbes article. Explain how your selected requirements affect the subscription business model.

  Compare and contrast software development process models.

Compare and contrast software development process models.

  Software implementation and software quality

Work packages are divided into three functional areas - Software Engineering, Software Implementation and Software Quality. The software engineering requires all the necessary engineering research, design and planning effort along with the docume..

  Use of service-oriented architecture

Giving reasons for your answer, suggest two types of applications where you would not recommend the use of service-oriented architecture and why.

  According to the textbook there are at least two 2

according to the textbook there are at least two 2 approaches to the sdlc two 2 approaches to software construction and

  Comprise a discussion of the information-gathering methods

write a 1400- to 2100-word paper that analyzes a work-related project using systems analysis for a selected business

  Determine how to implement the project based on the

assume that you are approaching the implementation and deployment phases of the online course management system that

  A determine what variables explain likelihood of passing

a determine what variables explain likelihood of passing to each stage of funneli inquire for information ii attend

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd