White Paper Security in Software Development Life Cycle

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "White Paper Security in Software Development Life Cycle"

Transcription

1 White Paper Security in Software Development Life Cycle Trojan Horses: Emmanuel Franklin Jonathan Newland Showanda Smith Anh Cao Information Systems and Technology (IS&T) has become an essential part of everyday life. Today people perform daily activities and transactions through Internet, ATM, and mobile devices for multi-purposes. Because people use software bearing in mind that it is reliable and can be trust upon and the operation they perform is secured. It is a very important to continue to keep these people feel safe and secured when using IS&T and to prevent any exploitable security holes... G e o r g i a S t a t e U n i v e r s i t y

2 Table of Contents Executive Summary... 3 I. Introduction... 3 II. Security in Software Development Life Cycle... 5 Traditional Waterfall SDLC... 5 Agile Methodology SLDC SecSDLC Certifications and Credibility: III. Conclusion White Paper: SecSDLC 2

3 Executive Summary Information Systems and Technology (IS&T) has become an essential part of everyday life. Today people perform daily activities and transactions through Internet, ATM, and mobile devices for multi-purposes. Because people use software bearing in mind that it is reliable and can be trust upon and the operation they perform is secured. It is a very important to continue to keep these people feel safe and secured when using IS&T and to prevent any exploitable security holes. Now, security brings value to software in terms of peoples trust. The value provided by secure software is vital because many critical functions are entirely dependent on the software. That is why security in software development is a serious topic, which should be given proper attention during the entire SDLC, right from the beginning. In this White Paper, we would like to discuss a few following topics respectively: an introduction of software development life cycle, security in software development lifecycle, including the traditional waterfall model and the agile methodology. Then we will quickly talk about the different roles and responsibilities, and certifications in Information Security & Technology. Finally, we will conclude with the industry recommendations and best practices for software developers. I. Introduction History of term SDLC: Information Systems and Technology (IS&T) are used by many organizations to make themselves more efficient and run more smoothly. But to manage IS&T is not an easy task. If they are not managed properly, the organization is prone to losses of information. In the 1960s, information systems depended heavily on data processing and mathematical routines. These processes would take lots of time and were not very reliable. There were many mistakes when developing these large systems, and maintaining them was even more difficult. These lethargic processes affected the most important individuals, the end users. They were in need for more, better, and cheaper software and wanted it as fast as they could possibly White Paper: SecSDLC 3

4 get it. Then a Software Development Life Cycle (SDLC) was introduced and was defined as a methodology for the design and implementation of the information systems. With this methodology, organizations can feel secure knowing that the system they have in place will protect them from any negative situations while also increasing their rate of success with projects. Purpose: With the introduction of the Software Development Life Cycle, it has created a better structure and organization. Software development life cycle was used to identify stakeholders and requirements for implementation of Information Systems. Problems in 1960s: Before software development life cycles companies would hire individuals to write code. This was substantial at first because the programs were not complex and it was the only method that was available at the time. Coders would write code and test the result; afterwards, they would modify code to fix bugs. Not to mention the unprecedented rate of change in business and technology almost made it impossible for software team to determine user requirements and adapt to their changes. More importantly, security neglect has been one of the main factors of why the majority of software projects have failed. For a really long time, security has always been secondary priority in SDLC. Critical security flaws are often recognized before software deployment. And even more unfortunate flaws are recognized after the iteration has been released. Organizations need to incorporate security governance to SDLC methodology of waterfall and agile. This incorporation of security will efficiently reduce potential costs associated with the risk of after employment. An effective security governance regime in the SDLC requires careful security planning, risk assessments, cost benefits analysis, and remediation. Security planning is the most important aspect in security governance. The main objective is to plan ahead and plan well before the incidents occur. White Paper: SecSDLC 4

5 II. Security in Software Development Life Cycle Traditional Waterfall SDLC Today we will focus on the traditional waterfall software development life cycle with an integration of security to improve the complete outcome of a software development lifecycle. A regular life cycle can consist of seven or more phases. These phases may increase or be broken down when implementing security in the life cycle. There are key drivers to integrating security into the Software Development Life Cycle: Security can decrease the high cost of fixing vulnerabilities. If the vulnerabilities are identified after deployment the cost is higher to resolve the issue. Therefore identifying the vulnerabilities before deployment can be less expensive for the business at large. The consequence a business may face if the system is compromised because of security. A business may lose customer if the system is compromised and their users personal data could be stolen. After a system is deployed and security was not an integrating factor, the business may have to hire a third party vendor to secure the software because the business did not hire skill software designer that were security conscious at the beginning. The outsourcing can become expensive. The lack of security will not have the full view of access required (e.g. internet). The company will lack the resources for the increasing demand of workers and customer to their network. Last but not least as the government increase security requirement and guidelines. It becomes difficult to ensure compliance when the companies do not plan for it. Each phase must be followed in sequence by the developer or software designer. The chart below shows how a traditional waterfall software development life cycle usually works. This cycle has five different stages. We will discus a seven stage traditional SDLC with an integration of security. White Paper: SecSDLC 5

6 Figure 1: Waterfall phases and Risk Profile How to plan a successful integration of security in a software development life cycle: During a SDLC planning for security will be essential. Security should be incorporated at the beginning of the software development life cycle. Through the use of risk management, the security requirements can be defined from business objectives. The business should ensure all the appropriate securities are implemented in the business requirements. These securities should be in the first phase of the design to ensure they also satisfy the business requirements. Business should ensure the development team and their managers are skilled in the art of developing software that is secure. The technology and processes should all meet the required security standard during implementation. Review of the deployed system should be ongoing to ensure appropriate levels of security are satisfied. Vulnerabilities should be evaluated using risk processes and then the vulnerabilities should be prioritized across software releases. White Paper: SecSDLC 6

7 Stages of traditional life Cycle: 1. Planning: The purpose of planning is to determine the scope of the project. This process may require studies to be undertaken before setting goals. During the planning the company performs feasible studies. The questions that are ask during these studies: They must ask the economical question. Should we build it? They must ask the operational question. If we build it, will they use it? They must ask the schedule question. Will it be ready in a timely manner? They must ask the technical question. Do they know how to build it? It is critical that security considerations be incorporated into the planning at the earliest stage of any project. 2. Defining Requirements: Defining requirements are the process, when the analyst receives feedback from stakeholders (e.g. end users). The feedback will allow for the creation of clear functions from the specific project goals. This phase allows a look from the end users view for the specific needs in the information systems. During this phase it is critical to consider a security plan to also integrate with the objective. The process will allow the business to ensure that the security policies will align with the objectives. These objectives would include: Creating requirements for access control list and the type of authentications and identity requirement, which are needed, and the different role bases. Business will identify and define the different levels of privacy for the data associated with the system and project. Business should create the criteria for abuse case. The criteria should outline the situation, which constitutes to a misuse of the system. 3. Designing System: Designing the system is when the features and the technical specification are described in detail. To assist with designing a system developers uses various (e.g. process diagram and use cases). Developers may also create prototypes to ensure all the requirements are met. In the designing White Paper: SecSDLC 7

8 stage there are logical and physical views. The logical view is an abstract view of how the system is suppose to work. The physical view is the actual physical components of the system. This is the second phase of integrating the security aspects into the software development life cycle. At this phase the requirement has been transformed into an actual architecture design and design decision. It allows the specific security controls to be implemented by the design team. Various security mechanisms are inserted at this point such as communication protocols. Security testing scenarios will be designed during this phase for identifying abuse cases that were developed during the planning phase. 4. Implementation: Implementation is to put into action for testing of the information systems. It can be costly if the information systems do not meet all the required needs of the users. Therefore during designing phase of the information systems all requirements and specification must be clearly defined to have a successful implementation. During this third phase of building for security, the system should always be built with security in mind, and software team should ensure needed security technologies and processes are properly in place and ready for integrating and testing. 5. Integrate and Test: During the integration and testing phase, all components are integrated and tested for bugs. Many corporate underfund this phase of the software development life cycle. The actual line of codes should ensure the integrity of the system. The coders should be well trained and have various auditing tool at their use to ensure the security and integrity of their data during the integrating and testing phase of the software development life cycle. 6. Deployment: The deployment phase is when the customer has accepted the information system and using the system for its needed purpose. A company has various ways to commence a deployment of software they are: phase, pilot, direct, and parallel. Phase: Phase is the process where part of the software switch over in phases. With phasing company is able to go back to the original system. Phasing allow nature take it course. The setback with phasing is when the original may become old and inefficient. White Paper: SecSDLC 8

9 Pilot: Pilot is an executable model of the system with all the function. The pilot is great way of getting and verifying the requirements. Direct: Direct is the most dangerous one because a company cannot go back. Direct forces a company to commit to the switch over. Parallel: Parallel is when a company is running the original system and the new at the same time. Parallel give the company a chance to go back if the new system fails. The setbacks with parallel are it s expensive to run two systems. The future for the administrators of the original is unknown. 7. Maintenance: During the maintenance phase of the software development life cycle is when future maintenance is completed on the information systems. The maintenance consist of three different types of maintenance they are corrective, adaptive, and perfective. Corrective maintenance is when the bugs fixed. Adaptive maintenance is the when the system need new coding compatibility issues. Perfective maintenance is when the company tries to improve the software. During the final stage of deployment of the system, maintenance is the most important part of the lifecycle because security threats are constantly evolving and been vigilant is the most important factor. Constant monitoring and various intrusion prevention systems are essential for the integrity of the system and the data, which is processed on the system. The maintenance team should continuously run penetration test and review logs and reports. Advantages and Disadvantage: The advantages with a traditional waterfall software development life cycle with the integration of security are the project is well defined with detail steps to ensure the integrity of the system and the data. There are standard development and designs. Project will be able to adjust to a change in the staff. The time is controlled and there is greater ability to monitor large projects. The disadvantages of traditional software development are there is an increase of time needed for the project. The system must be clearly defined at the beginning because the project is very difficult to make changes. Early errors can cause the project to overrun due to rework on early stages. There is little interaction with the end-users. Per Russell Kay of Computer World White Paper: SecSDLC 9

10 Another problem is that the waterfall model assumes that the only role for users is in specifying requirements, and that all requirements can be specified in advance. Unfortunately, requirements grow and change throughout the process and beyond, calling for considerable feedback and iterative consultation. Thus many other SDLC models have been developed. Most developers recommend using more than one methodology for a success implementation of an information system. Therefore project that is forever changing use a methodology called agile software development life cycle. Agile Methodology SLDC Security in SDLC does more than just to make end users feel safe and secured when using the software. Security in Agile methodology is to prevent the exploitable security holes as early as possible and to cut down the maintenance cost later after the system had been deployed. This is a critical aspect of agile methodology. Software teams can feel safer when introduce frequently new releases because at each small releases security governance should had been implemented. And, the security governance integrated into the agile is no different than the waterfall model, except it is integrated during every early small iteration time-box releases. Software engineers can implement agile in many different ways. But, iterations are the heartbeat of agile methodology. As mentioned, waterfall failed because of its inflexibility and subject to change. Organizations, who exercised waterfall model, were not inclined to change, to adapt with the evolving stakeholders requirements. In contrast, agile does a great job on focusing on iterations, frequent consultation with the customer, small and frequent releases, and rigorously tested code that directly responded to the stakeholders feedbacks. To further distinguish agile from other software development methodologies, it is important to recognize these two elements that shaped agility dimensions: response extensiveness and response efficiency. Response extensiveness relates to the scope, range, extent, and variety of software team responses. On the other hand, response efficiency relates to resources such as time, cost, and effort associated with software team responses. We had mentioned the differences between agile and waterfall model. But, what is agile methodology really? Where does it come from? And why do we use it? White Paper: SecSDLC 10

11 Figure 2: Agile Methodology with iteration time-box releases What is Agile? Agile methodology is the conceptual framework to introduce the more effective and efficient ways and best practices to develop software. For decades, the traditional waterfall software development life cycle had been the primary model for software development. However, the traditional waterfall has numerous problems such as maintenance cost, inflexibility, and subject to change. These causes are to slow down the industry s potential growth. Then, agile software development life cycle was introduced largely to address the weaknesses of the planed-based method such as the traditional waterfall software development. Where did agile come? Agile philosophy came from the different ideas of the 17 software engineers, who gathered together in 2001 to write the agile manifesto included with the 12 agile guideline principles, which was today widely known and used in the industry. Here are 12 agile guideline principles we shall follow: 1. Our highest priority is to satisfy the customer through early and continuous delivery of valuable software. 2. Welcome changing requirements, even late in development. Agile processes harness change for the customer's competitive advantage. White Paper: SecSDLC 11

12 3. Deliver working software frequently, from a couple of weeks to a couple of months, with a preference to the shorter timescale. 4. Business people and developers must work together daily throughout the project. 5. Build projects around motivated individuals. Give them the environment and support they need, and trust them to get the job done. 6. The most efficient and effective method of conveying information to and within a development team is face-to-face conversation. 7. Working software is the primary measure of progress. 8. Agile processes promote sustainable development. The sponsors, developers, and users should be able to maintain a constant pace indefinitely. 9. Continuous attention to technical excellence and good design enhances agility. 10. Simplicity--the art of maximizing the amount of work not done--is essential. 11. The best architectures, requirements, and designs emerge from self-organizing teams. 12. At regular intervals, the team reflects on how to become more effective, then tunes and adjusts its behavior accordingly. Agile methodology was a cooperative common on interests formed by the 17 individual contributions. While these engineers had different point of views in software developments, they possessed greatly magnifying similar goal of improving software development. The two wellknown methods that was used by different individuals at the time and now formally formed into agile framework were Extreme programming (XP) and Scrum. The managerial aspect of software development is the major difference between the two methodologies. EP focuses on hard coding or development process itself by using such technique, pair programming, two programmers sitting at the same desk and coding on the same screen while scrum focuses both management aspects and development processes. Why do we use agile? Furthermore, agile software development life cycle is more than just a set of standard rules, but agile is a philosophy. Agile philosophy was introduced to improve the traditional waterfall software development life cycle and to transform entire software industry as the whole. What make Agile different from the traditional waterfall SDLC are the rapid iterations of small and White Paper: SecSDLC 12

13 frequent releases to meet the evolving requirements. Agile focuses on direct user involvements during the development process, which explain the evolving requirements. Small and frequent iteration releases ensure security had been taken placed as early; hence to reduce the potential maintenance cost afterward. SecSDLC Certifications and Credibility: Security in SDLC requires a team. Like a software development teams, security team has different roles and responsibilities. Because software security has always been changing, it is important to keep track of these updates and reorganizations for those who keep up-to-date to enhance security policy and guideline to keep safe systems in place and to prevent the security threats such as polymorphic threat a threat that changes its apparent shape overtime, to become a new threat not detectable by techniques looking for a preconfigured signature; or man-in-themiddle threat- which seems to be the most difficult threat to recognize because it performs its attacks behind both end side objects of the attack. There are so many other new threats that security professionals need to keep up with such as the infamous Flame virus or the DNSChanger that shake the entire news world of internet. Imagine that the good guys have to discover and remedy ALL of the exploitable security holes why all the bad guys have to do is to discover ONE and exploit it. This is surely not an easy job for the security professionals. Roles and Responsibilities: A security team of key leadership positions within Information Security includes Chief Information Security Officer (definers), Security Manager, and Security Technician (administers). Chief Information Security Officer (CISO) may or may be not be included as top-level executives. CISO manages and directs an organization s computer information systems security program, implements information security policies, and supervises related Information Technology employees. The typical duties of the CISO are ensure compliance with local, state, White Paper: SecSDLC 13

14 and federal laws, implements controls to reduce fraud and other vulnerabilities, and train IT and non-it personnel on security and privacy issue. Security Manager oversees daily security operations for the business. The typically include developing and enforcing security policies to ensure a safe environment for employees and visitors. Security managers accomplish objectives identified by the CISO and issues identified by the technicians. They may also guard against property damage. Like CISOs, Security Managers are typically certified in CISSP, CISM, and/or GIAC. I will discuss these certifications, later. Security Technician tasked to configure firewalls, deploy Intrusion Detection and Prevention Systems (IDPSs) implement security software, diagnose and troubleshoot problems, and coordinate with systems and network administrators to ensure that an organization s security technology is properly implemented. Certifications: There are many certifications Information Technology professionals may obtain. The top certifications that we seek are Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), and Global Information Assurance Certificate (GIAC). A CISSP is an information assurance professional who defines the architecture, design, management and/or controls that assure the security of business environments. The professionals credentials must meet at least two or more of the ten (ISO) 2 CISSP domains listed below: Access Control List (ACL) Telecommunications and Network Security Information Security Governance and Risk Management Software development Security Cryptography Security Architecture and Design White Paper: SecSDLC 14

15 Operations Security Business Continuity and Disaster Recovery Planning Legal, Regulations, Investigations and Compliance Physical (Environmental) Security This certification requires that an individual have at least five years minimum professional working experience. This exam price ranges from $250 to $600. A CISM must provide evidence of five years of professional experience in the field of information security, at least two years of education, or previous certification, and pass 200- question multiple-choice exam. The exam has critical sections: Information security governance (23 percent) Information risk management (22 percent) Information security program development (17 percent) Information security program management (24 percent) Information management and response (14 percent) These certifications range from $395 to $645. GIAC certifications require the applicant to complete a written practical assignment that tests the applicant s ability to apply skills and knowledge. These assignments are submitted to the SANS for review. Only when the practical assignment is complete can the candidate who wishes to take the exam online. The GIAC certificates are organized into six areas: Forensics Security Administration Management Audit Software Security Legal White Paper: SecSDLC 15

16 These certifications range from $500 to $700. III. Conclusion In SDLC, both plan-based waterfall and agile methodologies can be effective ways to develop software. Each method has strengths and weaknesses. An examination of project interdependencies and volatility allows managers to determine the best type of methodology for a given situation. Most importantly, security governance is critical in software development. While using either methodologies to develop the software, it is a very important to plan and implement a security governance to prevent any exploitable security holes. Because software security brings value to software in terms of peoples trust, the value provided by secure software is vital because many critical functions are entirely dependent on the software. White Paper: SecSDLC 16

17 References Barlow, Jordan B.Keith, Mark JeffreyWilson, David W.Schuetzler, Ryan M.Lowry, Paul BenjaminVance, AnthonyGiboney, Justin Scott. "Overview And Guidance On Agile Development In Large Organizations." Communications Of AIS (2011): Computer Source. Web. 11 July Banerjee, C., and S. K. Pandey. "Software Security Rules, SDLC Perspective." (2009): arxiv. Web. 11 July < Danahy, Jack. "The Phasing-In Of Security Governance In The SDLC." Network Security (2008): Business Source Complete. Web. 12 July Dorsey, Paul. "Top 10 Reasons Why Systems Projects Fail." Top 10 Reasons Why Systems Projects Fail. Web. 25 May < Drewry, Tony. "UWE-CSM - IT System Development Lifecycles." UWE-CSM - IT System Development Lifecycles. N.p., n.d. Web. 3 July < Hanny, Jonathan. "Building An Application Security Program." Information Security Journal: A Global Perspective 19.6 (2010): Computer Source. Web. 14 July Jack, Danahy. "Security & SDLC: The Phasing-In Of Security Governance In The SDLC." Network Security 2008.(n.d.): ScienceDirect. Web. 11 July < Kay, Russell. "QuickStudy: System Development Life Cycle." Computerworld. 14 May Web. 24 May < Stephen de, Vries. "Testing: Software Testing For Security." Network Security (n.d.): ScienceDirect. Web. 11 July < McLean, Ephraim R. "The Traditional System Development Life Cycle." CIS Georgia State University, Atlanta. 24 May Lecture. Waterfall Model. "SDLC." Waterfall Model. WordPress, 2 June Web. 3 July < "What Agile Teams Think Of Agile Principles." Communications Of The ACM 55.4 (2012): Business Source Complete. Web. 11 July White Paper: SecSDLC 17

Manifesto for Agile Software Development

Manifesto for Agile Software Development Rocky Mountain Information Management Association Manifesto for Agile Software Development We are uncovering better ways of developing software by doing it and helping others do it. Through this work we

More information

Agile Overview. 30,000 perspective. Juha Salenius CSPO CSM PMI-ACP PMP SCGMIS Workshop January 23 rd, 2013

Agile Overview. 30,000 perspective. Juha Salenius CSPO CSM PMI-ACP PMP SCGMIS Workshop January 23 rd, 2013 Agile Overview 30,000 perspective Juha Salenius CSPO CSM PMI-ACP PMP SCGMIS Workshop January 23 rd, 2013 Agenda 30,000 Perspective The Players Initiating a Project Agile Estimating Agile Communications

More information

Agile Project Management with Scrum

Agile Project Management with Scrum Agile Project Management with Scrum Resource links http://www.agilealliance.org/ http://www.agilemanifesto.org/ http://www.scrum-master.com/ 1 Manifesto for Agile Software Development Individuals and interactions

More information

A Cynical View on Agile Software Development from the Perspective of a new Small-Scale Software Industry

A Cynical View on Agile Software Development from the Perspective of a new Small-Scale Software Industry A Cynical View on Agile Software Development from the Perspective of a new Small-Scale Software Industry Apoorva Mishra Computer Science & Engineering C.S.I.T, Durg, India Deepty Dubey Computer Science

More information

The Next Generation of Security Leaders

The Next Generation of Security Leaders The Next Generation of Security Leaders In an increasingly complex cyber world, there is a growing need for information security leaders who possess the breadth and depth of expertise necessary to establish

More information

CISM ITEM DEVELOPMENT GUIDE

CISM ITEM DEVELOPMENT GUIDE CISM ITEM DEVELOPMENT GUIDE TABLE OF CONTENTS CISM ITEM DEVELOPMENT GUIDE Content Page Purpose of the CISM Item Development Guide 2 CISM Exam Structure 2 Item Writing Campaigns 2 Why Participate as a CISM

More information

INFORMATION TECHNOLOGY ENGINEER V

INFORMATION TECHNOLOGY ENGINEER V 1464 INFORMATION TECHNOLOGY ENGINEER V NATURE AND VARIETY OF WORK This is senior level lead administrative, professional and technical engineering work creating, implementing, and maintaining the County

More information

Software Processes. Agile Methods

Software Processes. Agile Methods Software Processes Agile Methods Roadmap Agile Methods Agile Manifesto Agile Principles Agile Methods Agile Processes Scrum, Crystall,... Integrating Agile with Non-Agile Processes 2 Agile Development

More information

COMP 354 Introduction to Software Engineering

COMP 354 Introduction to Software Engineering COMP 354 Introduction to Software Engineering Greg Butler Office: EV 3.219 Computer Science and Software Engineering Concordia University, Montreal, Canada Email: gregb@cs.concordia.ca Winter 2015 Course

More information

Neglecting Agile Principles and Practices: A Case Study

Neglecting Agile Principles and Practices: A Case Study Neglecting Agile Principles and Practices: A Case Study Patrícia Vilain Departament de Informatics and Statistics (INE) Federal University of Santa Catarina Florianópolis, Brazil vilain@inf.ufsc.br Alexandre

More information

Agile Project Management By Mark C. Layton

Agile Project Management By Mark C. Layton Agile Project Management By Mark C. Layton Agile project management focuses on continuous improvement, scope flexibility, team input, and delivering essential quality products. Agile project management

More information

Build (develop) and document Acceptance Transition to production (installation) Operations and maintenance support (postinstallation)

Build (develop) and document Acceptance Transition to production (installation) Operations and maintenance support (postinstallation) It is a well-known fact in computer security that security problems are very often a direct result of software bugs. That leads security researches to pay lots of attention to software engineering. The

More information

New Developments in an Agile World: Drafting Software Development Agreements. By: Paul H. Arne 1,2

New Developments in an Agile World: Drafting Software Development Agreements. By: Paul H. Arne 1,2 New Developments in an Agile World: Drafting Software Development Agreements By: Paul H. Arne 1,2 A few months before this article was prepared, a group of senior IT professionals from some of the largest

More information

External Supplier Control Requirements

External Supplier Control Requirements External Supplier Control s Cyber Security For Suppliers Categorised as Low Cyber Risk 1. Asset Protection and System Configuration Barclays Data and the assets or systems storing or processing it must

More information

History of Agile Methods

History of Agile Methods Agile Development Methods: Philosophy and Practice CPSC 315 Programming Studio Fall 2010 History of Agile Methods Particularly in 1990s, some developers reacted against traditional heavyweight software

More information

Agile Development with C#

Agile Development with C# Agile Development with C# Paweł Jarosz, pjarosz@pk.edu.pl Cracow University of Technology, Poland Jyvaskyla University of Applied Sciences, February 2009 Paweł Jarosz who am I? M.Sc. of Applied Physics

More information

SPSP Phase III Recruiting, Selecting, and Developing Secure Power Systems Professionals: Job Profiles

SPSP Phase III Recruiting, Selecting, and Developing Secure Power Systems Professionals: Job Profiles PNNL-24138 SPSP Phase III Recruiting, Selecting, and Developing Secure Power Systems Professionals: Job Profiles March 2015 LR O Neil TJ Conway DH Tobey FL Greitzer AC Dalton PK Pusey Prepared for the

More information

Processes in Software Development. Presented 11.3.2008 by Lars Yde, M.Sc., at Selected Topics in Software Development, DIKU spring semester 2008

Processes in Software Development. Presented 11.3.2008 by Lars Yde, M.Sc., at Selected Topics in Software Development, DIKU spring semester 2008 Processes in Software Development Presented 11.3.2008 by Lars Yde, M.Sc., at Selected Topics in Software Development, DIKU spring semester 2008 Software hall of shame Classic mistakes ACM Code of Ethics

More information

Information Security Specialist Training on the Basis of ISO/IEC 27002

Information Security Specialist Training on the Basis of ISO/IEC 27002 Information Security Specialist Training on the Basis of ISO/IEC 27002 Natalia Miloslavskaya, Alexander Tolstoy Moscow Engineering Physics Institute (State University), Russia, {milmur, ait}@mephi.edu

More information

AGILE METHODOLOGY IN SOFTWARE DEVELOPMENT

AGILE METHODOLOGY IN SOFTWARE DEVELOPMENT AGILE METHODOLOGY IN SOFTWARE DEVELOPMENT Shivangi Shandilya, Surekha Sangwan, Ritu Yadav Dept. of Computer Science Engineering Dronacharya College Of Engineering, Gurgaon Abstract- Looking at the software

More information

werteorientierte Unternehmenskultur

werteorientierte Unternehmenskultur Echte Agilität erfordert eine werteorientierte Unternehmenskultur Jutta Eckstein Thomas Walker, CMC Seite 1 Goals of Today The main question of the day: The role of software development in relation with

More information

Software Development with Agile Methods

Software Development with Agile Methods Case Study Software Development with Agile Methods Introduction: Web application development is a much studied, heavily practiced activity. That is, capturing and validating user requirements, estimating

More information

University of Central Florida Class Specification Administrative and Professional. Information Security Officer

University of Central Florida Class Specification Administrative and Professional. Information Security Officer Information Security Officer Job Code: 2534 Serve as the information security officer for the University. Develop and computer security system standards, policies, and procedures. Serve as technical team

More information

Bottlenecks in Agile Software Development Identified Using Theory of Constraints (TOC) Principles

Bottlenecks in Agile Software Development Identified Using Theory of Constraints (TOC) Principles Master thesis in Applied Information Technology REPORT NO. 2008:014 ISSN: 1651-4769 Department of Applied Information Technology or Department of Computer Science Bottlenecks in Agile Software Development

More information

Agile Development Overview

Agile Development Overview Presented by Jennifer Bleen, PMP Project Services Practice of Cardinal Solutions Group, Inc. Contact: Agile Manifesto We are uncovering better ways of developing software by doing it and helping others

More information

Managing TM1 Projects

Managing TM1 Projects White Paper Managing TM1 Projects What You ll Learn in This White Paper: Traditional approaches to project management A more agile approach Prototyping Achieving the ideal outcome Assessing project teams

More information

Agile Projects 7. Agile Project Management 21

Agile Projects 7. Agile Project Management 21 Contents Contents 1 2 3 Agile Projects 7 Introduction 8 About the Book 9 The Problems 10 The Agile Manifesto 12 Agile Approach 14 The Benefits 16 Project Components 18 Summary 20 Agile Project Management

More information

TERMS OF REFERENCE (TORs) OF CONSULTANTS - (EAG) 1. Reporting Function. The Applications Consultant reports directly to the CIO

TERMS OF REFERENCE (TORs) OF CONSULTANTS - (EAG) 1. Reporting Function. The Applications Consultant reports directly to the CIO TERMS OF REFERENCE (TORs) OF CONSULTANTS - (EAG) Consultant - Enterprise Systems & Applications 1. Reporting Function. The Applications Consultant reports directly to the CIO 2. Qualification and Experience

More information

Agile Requirements Generation Model: A Soft-structured Approach to Agile Requirements Engineering. Shvetha Soundararajan

Agile Requirements Generation Model: A Soft-structured Approach to Agile Requirements Engineering. Shvetha Soundararajan Agile Requirements Generation Model: A Soft-structured Approach to Agile Requirements Engineering Shvetha Soundararajan Thesis submitted to the faculty of the Virginia Polytechnic Institute and State University

More information

CISM ITEM DEVELOPMENT GUIDE

CISM ITEM DEVELOPMENT GUIDE CISM ITEM DEVELOPMENT GUIDE Updated January 2015 TABLE OF CONTENTS Content Page Purpose of the CISM Item Development Guide 3 CISM Exam Structure 3 Writing Quality Items 3 Multiple-Choice Items 4 Steps

More information

Agile Beyond The Team 1

Agile Beyond The Team 1 Agile Beyond The Team 1 Dilbert Agile 2 What Does Your Organization Value? Projects over Teams? Do new teams spools up for new projects? On-Time/On-Budget Delivery over Zero Maintenance Products Deliver

More information

Director, IT Security District Office Kern Community College District JOB DESCRIPTION

Director, IT Security District Office Kern Community College District JOB DESCRIPTION Director, IT Security District Office Kern Community College District JOB DESCRIPTION Definition Reporting to the Chief Information Officer, the Director of IT Security develops and implements procedures,

More information

Page 1 of 5. IS 335: Information Technology in Business Lecture Outline Computer Technology: Your Need to Know

Page 1 of 5. IS 335: Information Technology in Business Lecture Outline Computer Technology: Your Need to Know Lecture Outline Computer Technology: Your Need to Know Objectives In this discussion, you will learn to: Describe the activities of information systems professionals Describe the technical knowledge of

More information

A Strategic Approach to Web Application Security The importance of a secure software development lifecycle

A Strategic Approach to Web Application Security The importance of a secure software development lifecycle A Strategic Approach to Web Application Security The importance of a secure software development lifecycle Rachna Goel Technical Lead Enterprise Technology Web application security is clearly the new frontier

More information

AGILE vs. WATERFALL METHODOLOGIES

AGILE vs. WATERFALL METHODOLOGIES AGILE vs. WATERFALL METHODOLOGIES Introduction Agile and waterfall are two major methodologies that software developers and project managers have the option of using. Some of the goals of developers and

More information

Domain 1 The Process of Auditing Information Systems

Domain 1 The Process of Auditing Information Systems Certified Information Systems Auditor (CISA ) Certification Course Description Our 5-day ISACA Certified Information Systems Auditor (CISA) training course equips information professionals with the knowledge

More information

What Does Large Mean? Copyright 2003 by N. Josuttis and J. Eckstein 3. Why is Large an Issue?

What Does Large Mean? Copyright 2003 by N. Josuttis and J. Eckstein 3. Why is Large an Issue? Skalierung von agilen Prozessen Ein Erfahrungsbericht OOP 2003 Jutta Eckstein Nicolai Josuttis This Talk is About Agility Large Experience Success Copyright 2003 by N. Josuttis and J. Eckstein 2 1 What

More information

UC Santa Barbara. CS189A - Capstone. Christopher Kruegel Department of Computer Science UC Santa Barbara http://www.cs.ucsb.

UC Santa Barbara. CS189A - Capstone. Christopher Kruegel Department of Computer Science UC Santa Barbara http://www.cs.ucsb. CS189A - Capstone Christopher Kruegel Department of Computer Science http://www.cs.ucsb.edu/~chris/ How Should We Build Software? Let s look at an example Assume we asked our IT folks if they can do the

More information

Alternative Development Methodologies

Alternative Development Methodologies Alternative Development Methodologies The Software Development Process described in the course notes and lecture is a generalized process that been in use for decades. Over this time, scholars in the IT

More information

Building Software in an Agile Manner

Building Software in an Agile Manner Building Software in an Agile Manner Abstract The technology industry continues to evolve with new products and category innovations defining and then redefining this sector's shifting landscape. Over

More information

Cisco Advanced Services for Network Security

Cisco Advanced Services for Network Security Data Sheet Cisco Advanced Services for Network Security IP Communications networking the convergence of data, voice, and video onto a single network offers opportunities for reducing communication costs

More information

Introduction to Agile Software Development. EECS 690 Agile Software Development

Introduction to Agile Software Development. EECS 690 Agile Software Development Introduction to Agile Software Development EECS 690 Agile Software Development Agenda Research Consent Forms Problem with Software Engineering Motivation for Agile Methods Agile Manifesto Principles into

More information

Development. Lecture 3

Development. Lecture 3 Software Process in Modern Software Development Lecture 3 Software Engineering i Practice Software engineering practice is a broad array of principles, concepts, methods, and tools that must be considered

More information

Agile on huge banking mainframe legacy systems. Is it possible?

Agile on huge banking mainframe legacy systems. Is it possible? EuroSTAR 2011 Agile on huge banking mainframe legacy systems. Is it possible? Christian Bendix Kjær Hansen Test Manager November 22, 2011 What is this presentation about? Goal Inspire others working with

More information

Comparative Study of Agile Methods and Their Comparison with Heavyweight Methods in Indian Organizations

Comparative Study of Agile Methods and Their Comparison with Heavyweight Methods in Indian Organizations International Journal of Recent Research and Review, Vol. VI, June 2013 Comparative Study of Agile Methods and Their Comparison with Heavyweight Methods in Indian Organizations Uma Kumari 1, Abhay Upadhyaya

More information

LECTURE 1. SYSTEMS DEVELOPMENT

LECTURE 1. SYSTEMS DEVELOPMENT LECTURE 1. SYSTEMS DEVELOPMENT 1.1 INFORMATION SYSTEMS System A system is an interrelated set of business procedures used within one business unit working together for a purpose A system has nine characteristics

More information

Cisco Security Optimization Service

Cisco Security Optimization Service Cisco Security Optimization Service Proactively strengthen your network to better respond to evolving security threats and planned and unplanned events. Service Overview Optimize Your Network for Borderless

More information

This handbook is meant to be a quick-starter guide to Agile Project Management. It is meant for the following people:

This handbook is meant to be a quick-starter guide to Agile Project Management. It is meant for the following people: AGILE HANDBOOK OVERVIEW WHAT IS THIS? This handbook is meant to be a quick-starter guide to Agile Project Management. It is meant for the following people: Someone who is looking for a quick overview on

More information

Process Methodology. Wegmans Deli Kiosk. for. Version 1.0. Prepared by DELI-cious Developers. Rochester Institute of Technology

Process Methodology. Wegmans Deli Kiosk. for. Version 1.0. Prepared by DELI-cious Developers. Rochester Institute of Technology Process Methodology for Wegmans Deli Kiosk Version 1.0 Prepared by DELI-cious Developers Rochester Institute of Technology September 15, 2013 1 Table of Contents 1. Process... 3 1.1 Choice... 3 1.2 Description...

More information

Kevin Savoy, CPA, CISA, CISSP Director of Information Technology Audits Brian Daniels, CISA, GCFA Senior IT Auditor

Kevin Savoy, CPA, CISA, CISSP Director of Information Technology Audits Brian Daniels, CISA, GCFA Senior IT Auditor IT Audit/Security Certifications Kevin Savoy, CPA, CISA, CISSP Director of Information Technology Audits Brian Daniels, CISA, GCFA Senior IT Auditor Certs Anyone? There are many certifications out there

More information

IT Risk & Security Specialist Position Description

IT Risk & Security Specialist Position Description Specialist Position Description February 9, 2015 Specialist Position Description February 9, 2015 Page i Table of Contents General Characteristics... 1 Career Path... 2 Explanation of Proficiency Level

More information

Introduction to Agile Software Development

Introduction to Agile Software Development Introduction to Agile Software Development Word Association Write down the first word or phrase that pops in your head when you hear: Extreme Programming (XP) Team (or Personal) Software Process (TSP/PSP)

More information

Scaling Scrum. Colin Bird & Rachel Davies Scrum Gathering London 2007. conchango 2007 www.conchango.com

Scaling Scrum. Colin Bird & Rachel Davies Scrum Gathering London 2007. conchango 2007 www.conchango.com Scaling Scrum Colin Bird & Rachel Davies Scrum Gathering London 2007 Scrum on a Slide Does Scrum Scale? Ok, so Scrum is great for a small team but what happens when you have to work on a big project? Large

More information

InfoSec Academy Application & Secure Code Track

InfoSec Academy Application & Secure Code Track Fundamental Courses Foundational Courses InfoSec Academy Specialized Courses Advanced Courses Certification Preparation Courses Certified Information Systems Security Professional (CISSP) Texas Security

More information

A. Waterfall Model - Requirement Analysis. System & Software Design. Implementation & Unit Testing. Integration & System Testing.

A. Waterfall Model - Requirement Analysis. System & Software Design. Implementation & Unit Testing. Integration & System Testing. Processing Models Of SDLC Mrs. Nalkar Sanjivani Baban Asst. Professor, IT/CS Dept, JVM s Mehta College,Sector 19, Airoli, Navi Mumbai-400708 Nalkar_sanjivani@yahoo.co.in Abstract This paper presents an

More information

Agile Software Development Methodologies and Its Quality Assurance

Agile Software Development Methodologies and Its Quality Assurance Agile Software Development Methodologies and Its Quality Assurance Aslin Jenila.P.S Assistant Professor, Hindustan University, Chennai Abstract: Agility, with regard to software development, can be expressed

More information

Agile Software Development in the Large

Agile Software Development in the Large Agile Software Development in the Large GI-Vortrag Braunschweig Jutta Eckstein Nicolai Josuttis What Does Large Mean? Large in... scope time people money risks We focus on Large Teams which implies everything

More information

Secure Code Development

Secure Code Development ISACA South Florida 7th Annual WOW! Event Copyright Elevate Consult LLC. All Rights Reserved 1 Agenda i. Background ii. iii. iv. Building a Business Case for Secure Coding Top-Down Approach to Develop

More information

Security Transcends Technology

Security Transcends Technology INTERNATIONAL INFORMATION SYSTEMS SECURITY CERTIFICATION CONSORTIUM, INC. Career Enhancement and Support Strategies for Information Security Professionals Paul Wang, MSc, CISA, CISSP Paul.Wang@ch.pwc.com

More information

AUDIT REPORT 03-11 WEB PORTAL SECURITY REVIEW. 2004 FEBRUARY R. D. MacLEAN CITY AUDITOR

AUDIT REPORT 03-11 WEB PORTAL SECURITY REVIEW. 2004 FEBRUARY R. D. MacLEAN CITY AUDITOR AUDIT REPORT 03-11 WEB PORTAL SECURITY REVIEW 2004 FEBRUARY R. D. MacLEAN CITY AUDITOR Web Portal Security Review Page 2 Audit Report 03-11 Web Portal Security Review INDEX SECTION I EXECUTIVE SUMMARY

More information

Information Technology Engineers Examination. Information Security Specialist Examination. (Level 4) Syllabus

Information Technology Engineers Examination. Information Security Specialist Examination. (Level 4) Syllabus Information Technology Engineers Examination Information Security Specialist Examination (Level 4) Syllabus Details of Knowledge and Skills Required for the Information Technology Engineers Examination

More information

Information Systems Security Certificate Program

Information Systems Security Certificate Program Information Technologies Programs Information Systems Security Certificate Program Accelerate Your Career extension.uci.edu/infosec University of California, Irvine Extension s professional certificate

More information

security peace of mind

security peace of mind IN F O R M AT ION TEC HNOLOGY (IT ) SECURIT Y AT GEN ES I S security peace of mind You re covered. Access Control Application Security Business Continuity and Disaster Recovery Planning Cryptography Information

More information

CITY UNIVERSITY OF HONG KONG. Information System Acquisition, PUBLIC Development and Maintenance Standard

CITY UNIVERSITY OF HONG KONG. Information System Acquisition, PUBLIC Development and Maintenance Standard CITY UNIVERSITY OF HONG KONG Development and Maintenance Standard (Approved by the Information Strategy and Governance Committee in December 2013; revision 1.1 approved by Chief Information Officer in

More information

Defending Against Data Beaches: Internal Controls for Cybersecurity

Defending Against Data Beaches: Internal Controls for Cybersecurity Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity

More information

USCIS/SPAS: Product Backlog Items and User Stories 4/16/2015. Dr. Patrick McConnell

USCIS/SPAS: Product Backlog Items and User Stories 4/16/2015. Dr. Patrick McConnell USCIS/SPAS: Product Backlog Items and User Stories 4/16/2015 Dr. Patrick McConnell July 9, 2015 1 First, an old joke.. I can t identify an original source for this cartoon. As best as I can tell, the art

More information

Advanced Software Engineering. Software Development Processes

Advanced Software Engineering. Software Development Processes Agent and Object Technology Lab Dipartimento di Ingegneria dell Informazione Università degli Studi di Parma Advanced Software Engineering Software Development Processes Prof. Agostino Poggi Software Development

More information

Stepping Through the Info Security Program. Jennifer Bayuk, CISA, CISM

Stepping Through the Info Security Program. Jennifer Bayuk, CISA, CISM Stepping Through the Info Security Program Jennifer Bayuk, CISA, CISM Infosec Program How to: compose an InfoSec Program cement a relationship between InfoSec program and IT Governance design roles and

More information

Agile Software Development. Mohsen Afsharchi

Agile Software Development. Mohsen Afsharchi Agile Software Development Mohsen Afsharchi I. Agile Software Development Agile software development is a group of software development methods based on iterative and incremental development, where requirements

More information

CS435: Introduction to Software Engineering! " Software Engineering: A Practitioner s Approach, 7/e " by Roger S. Pressman

CS435: Introduction to Software Engineering!  Software Engineering: A Practitioner s Approach, 7/e  by Roger S. Pressman CS435: Introduction to Software Engineering! " " " " " " " "Dr. M. Zhu! Chapter 3! Agile Development! Slide Set to accompany Software Engineering: A Practitioner s Approach, 7/e " by Roger S. Pressman

More information

NASCIO 2015 State IT Recognition Awards

NASCIO 2015 State IT Recognition Awards NASCIO 2015 State IT Recognition Awards Title: State of Georgia Private Security Cloud Implementation Category: Cybersecurity Contact: Mr. Calvin Rhodes CIO, State of Georgia Executive Director, GTA calvin.rhodes@gta.ga.gov

More information

SECURE POWER SYSTEMS PROFESSIONALS (SPSP) PROJECT PHASE 3, FINAL REPORT: RECRUITING, SELECTING, AND DEVELOPING SECURE POWER SYSTEMS PROFESSIONALS

SECURE POWER SYSTEMS PROFESSIONALS (SPSP) PROJECT PHASE 3, FINAL REPORT: RECRUITING, SELECTING, AND DEVELOPING SECURE POWER SYSTEMS PROFESSIONALS 1 SECURE POWER SYSTEMS PROFESSIONALS (SPSP) PROJECT PHASE 3, FINAL REPORT: RECRUITING, SELECTING, AND DEVELOPING SECURE POWER SYSTEMS PROFESSIONALS Synopsis SPSP Project Overview Phase I Summary Phase

More information

Agile So)ware Development

Agile So)ware Development Software Engineering Agile So)ware Development 1 Rapid software development Rapid development and delivery is now often the most important requirement for software systems Businesses operate in a fast

More information

Complete Web Application Security. Phase1-Building Web Application Security into Your Development Process

Complete Web Application Security. Phase1-Building Web Application Security into Your Development Process Complete Web Application Security Phase1-Building Web Application Security into Your Development Process Table of Contents Introduction 3 Thinking of security as a process 4 The Development Life Cycle

More information

Best Practices for Building a Security Operations Center

Best Practices for Building a Security Operations Center OPERATIONS SECURITY Best Practices for Building a Security Operations Center Diana Kelley and Ron Moritz If one cannot effectively manage the growing volume of security events flooding the enterprise,

More information

JOB DESCRIPTION CONTRACTUAL POSITION

JOB DESCRIPTION CONTRACTUAL POSITION Ref #: IT/P /01 JOB DESCRIPTION CONTRACTUAL POSITION JOB TITLE: INFORMATION AND COMMUNICATIONS TECHNOLOGY (ICT) SECURITY SPECIALIST JOB SUMMARY: The incumbent is required to provide specialized technical

More information

Belmont Savings Bank. Are there Hackers at the gate? 2013 Wolf & Company, P.C.

Belmont Savings Bank. Are there Hackers at the gate? 2013 Wolf & Company, P.C. Belmont Savings Bank Are there Hackers at the gate? 2013 Wolf & Company, P.C. MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2013 Wolf & Company, P.C. About Wolf & Company, P.C.

More information

Entire contents 2011 Praetorian. All rights reserved. Information Security Provider and Research Center www.praetorian.com

Entire contents 2011 Praetorian. All rights reserved. Information Security Provider and Research Center www.praetorian.com Entire contents 2011 Praetorian. All rights reserved. Information Security Provider and Research Center www.praetorian.com Threat Modeling "Threat modeling at the design phase is really the only way to

More information

Security Management. Keeping the IT Security Administrator Busy

Security Management. Keeping the IT Security Administrator Busy Security Management Keeping the IT Security Administrator Busy Dr. Jane LeClair Chief Operating Officer National Cybersecurity Institute, Excelsior College James L. Antonakos SUNY Distinguished Teaching

More information

26 May 2010 CQAA Lunch & Learn Paul I. Pazderski (CSM/CSP, OD-CM, CSQA) spcinc13@yahoo.com Cell: 224-595-8846 AGILE THROUGH SCRUM

26 May 2010 CQAA Lunch & Learn Paul I. Pazderski (CSM/CSP, OD-CM, CSQA) spcinc13@yahoo.com Cell: 224-595-8846 AGILE THROUGH SCRUM 26 May 2010 CQAA Lunch & Learn Paul I. Pazderski (CSM/CSP, OD-CM, CSQA) spcinc13@yahoo.com Cell: 224-595-8846 AGILE THROUGH SCRUM 1 AGENDA & LEARNING POINTS 1. Open 2. Agile Overview 3. Scrum Basics Learning

More information

White Paper IT Methodology Overview & Context

White Paper IT Methodology Overview & Context White Paper IT Methodology Overview & Context IT Methodologies - Delivery Models From the inception of Information Technology (IT), organizations and people have been on a constant quest to optimize the

More information

LEAN AGILE POCKET GUIDE

LEAN AGILE POCKET GUIDE SATORI CONSULTING LEAN AGILE POCKET GUIDE Software Product Development Methodology Reference Guide PURPOSE This pocket guide serves as a reference to a family of lean agile software development methodologies

More information

Comparing Scrum And CMMI

Comparing Scrum And CMMI Comparing Scrum And CMMI How Can They Work Together Neil Potter The Process Group help@processgroup.com 1 Agenda Definition of Scrum Agile Principles Definition of CMMI Similarities and Differences CMMI

More information

Appendix A-2 Generic Job Titles for respective categories

Appendix A-2 Generic Job Titles for respective categories Appendix A-2 for respective categories A2.1 Job Category Software Engineering/Software Development Competency Level Master 1. Participate in the strategic management of software development. 2. Provide

More information

Agile Software Development

Agile Software Development E Learning Volume 5 Number 1 2008 www.wwwords.co.uk/elea Agile Software Development SOLY MATHEW BIJU University of Wollongong in Dubai, United Arab Emirates ABSTRACT Many software development firms are

More information

Data Security Incident Response Plan. [Insert Organization Name]

Data Security Incident Response Plan. [Insert Organization Name] Data Security Incident Response Plan Dated: [Month] & [Year] [Insert Organization Name] 1 Introduction Purpose This data security incident response plan provides the framework to respond to a security

More information

Application Security in the Software Development Lifecycle

Application Security in the Software Development Lifecycle Application Security in the Software Development Lifecycle Issues, Challenges and Solutions www.quotium.com 1/15 Table of Contents EXECUTIVE SUMMARY... 3 INTRODUCTION... 4 IMPACT OF SECURITY BREACHES TO

More information

The Agile Manifesto is based on 12 principles:

The Agile Manifesto is based on 12 principles: The Agile Manifesto is based on 12 principles: Customer satisfaction by rapid delivery of a useful product solution Welcome changing requirements, even late in development Working products are delivered

More information

Agile QA s Revolutionary Impact on Project Management

Agile QA s Revolutionary Impact on Project Management Agile QA s Revolutionary Impact on Project Management Introduction & Agenda Rachele Maurer Agile Coach, Platinum Edge Inc. PMP, CSM, PMI-ACP Agenda A quick overview of agile Current QA practices QA using

More information

Data Management Policies. Sage ERP Online

Data Management Policies. Sage ERP Online Sage ERP Online Sage ERP Online Table of Contents 1.0 Server Backup and Restore Policy... 3 1.1 Objectives... 3 1.2 Scope... 3 1.3 Responsibilities... 3 1.4 Policy... 4 1.5 Policy Violation... 5 1.6 Communication...

More information

Agile Development for Application Security Managers

Agile Development for Application Security Managers Agile Development for Application Security Managers www.quotium.com When examining the agile development methodology many organizations are uncertain whether it is possible to introduce application security

More information

SEEM4570 System Design and Implementation Lecture 10 Software Development Process

SEEM4570 System Design and Implementation Lecture 10 Software Development Process SEEM4570 System Design and Implementation Lecture 10 Software Development Process Software Development A software development process: A structure imposed on the development of a software product Also

More information

Agile and lean methods for managing application development process

Agile and lean methods for managing application development process Agile and lean methods for managing application development process Hannu Markkanen 27.01.2012 1 Lifecycle model To support the planning and management of activities required in the production of e.g.

More information

Agile Security Successful Application Security Testing for Agile Development

Agile Security Successful Application Security Testing for Agile Development WHITE PAPER Agile Security Successful Application Security Testing for Agile Development Software Security Simplified Abstract It is an imperative to include security testing in application development.

More information

Certified Information Systems Auditor (CISA)

Certified Information Systems Auditor (CISA) Certified Information Systems Auditor (CISA) Course Introduction Course Introduction Module 01 - The Process of Auditing Information Systems Lesson 1: Management of the Audit Function Organization of the

More information

http://www.bigvisible.com

http://www.bigvisible.com Sustainable Pace How can we help our teams achieve it? http://www.bigvisible.com 2011 BigVisible Solutions, Inc. Facilitator Bob Sarni 25 years focused on team development, leadership mentoring and coaching,

More information

Logical Operations CyberSec First Responder: Threat Detection and Response (CFR) Exam CFR-110

Logical Operations CyberSec First Responder: Threat Detection and Response (CFR) Exam CFR-110 Logical Operations CyberSec First Responder: Threat Detection and Response (CFR) Exam CFR-110 Exam Information Candidate Eligibility: The CyberSec First Responder: Threat Detection and Response (CFR) exam

More information

Ingegneria del Software Corso di Laurea in Informatica per il Management. Agile software development

Ingegneria del Software Corso di Laurea in Informatica per il Management. Agile software development Ingegneria del Software Corso di Laurea in Informatica per il Management Agile software development Davide Rossi Dipartimento di Informatica Università di Bologna The problem Efficiency: too much effort

More information