
Security in SDLC versus Agile - You are the Manager for the System Development team for a hospital. You are tasked with ensuring that the code in new applications developed in-house and from applications purchased from vendors is secure. You are tasked with helping the company decide whether they should choose Agile as the selected enterprise methodology or another methodology. Please select another model to compare to Agile and compare and contrast each methodology and how each will assist with ensuring the systems developed are secure.

Agile development methodology allows a project to be released in iterations or in modular structures. It improves overall efficiency because the system prototype undergoes a series of iterations that fix and address errors at an early stage of development. It allows frequent software improvements based on the results of each iteration (Cao et al., 2009). It requires constant, reliable and real-time communication, and it also requires a large commitment to, and interaction with, the end users in order to complete each feature according to the desired specification (Cao et al., 2009).

The SDLC development method is a traditional software development method used in many applications. It uses a rigid linear model consisting of sequential phases such as requirements, design, implementation, verification and maintenance. It requires each phase to be 100% complete before moving to the next phase. It provides clear objectives and is ideal for projects with fixed requirements (Ragunath et al., 2011). The SDLC development method can be used by less experienced project managers and teams; however, it is slow in terms of software development and costly in the long run (Ragunath et al., 2011).

As a software developer myself, I highly recommend the agile approach for the development process; this method can be scaled from small systems to large systems. As for the aspect of security during the development process, it is of utmost importance to use a cyber security framework in the software design and development process. I will particularly cite the adaptation of the COBIT framework in the evaluation of security and quality controls during the software development process.

Let's first discuss the overall concept of this framework in order to gain a deeper understanding of the principles behind it. COBIT (Control Objectives for Information and Related Technology) is a framework specially designed for IT management and governance. It consists of generic processes for managing IT processes and policies (Bernroider & Ivanov, 2011).

The adaptation of this framework in the Software Development Process gives the organization a standard approach in dealing with the phases of development.

Benefits of the COBIT framework

Planning & Organization

This phase refers to the establishment of strategic plans and a vision pertaining to information technology. This is where top management develops strategies, communicates with key individuals and groups, and performs overall management of the activities focused on achieving the strategic vision (Bernroider & Ivanov, 2011).

Acquiring & Implementation

After the strategic vision has been set, it is time to select, develop and acquire the appropriate IT solutions that will enable attainment of the organizational goals. IT systems should be integrated into operational processes and should be managed properly by the administration (Bernroider & Ivanov, 2011).

Delivery & Support

After the selection of the appropriate method for acquiring IT solutions, the delivery of the agreed services follows. The project implementation involves testing for errors, assessment of the security measures deployed, and the responsiveness of technical support (Bernroider & Ivanov, 2011).

Monitoring & Evaluating

Once everything is set, a preventive maintenance plan should be implemented to ensure continuity and maximum utilization of the services. Monitoring the system implementation is also crucial to the business so that threats and vulnerabilities can be addressed immediately. An impact assessment should also be done regularly to measure the effectiveness of the systems deployed (Bernroider & Ivanov, 2011).

References

Bernroider, E. W., & Ivanov, M. (2011). IT project management control and the Control Objectives for IT and related Technology (CobiT) framework. International Journal of Project Management, 29(3), 325-336.

Cao, L., Mohan, K., Xu, P., & Ramesh, B. (2009). A framework for adapting agile development methodologies. European Journal of Information Systems, 18(4), 332-343.

Ragunath, P. K., Velmourougan, S., Davachelvan, P., Kayalvizhi, S., & Ravimohan, R. (2010). Evolving a new model (SDLC Model-2010) for software development life cycle (SDLC). International Journal of Computer Science and Network Security, 10(1), 112-119.