Assignment:
Scenario:
NCU-FSB is in the process of implementing an ERP solution for administrative process integration. The solution to be implemented will cover all operations (loans, credit cards, mortgages, IRAs, investments, and financial counseling services) with administrative operations (human resources, finances, plant management, procurements, and asset management, among others). To ensure that a chosen solution meets all technical and security requirements, the CEO asked the CIO and you as the CISO to analyze industry solutions and recommend the control criteria every solution to be developed, either commercial off-the-shelf (COTS) or in-house development must meet.
Instructions:
For this assignment, you must develop a diagram and a technical paper, in which you design a control model for secure development.
Your paper should contain the following:
- Model with a checklist, outline, or flowchart of all the control elements needed to review at the time of performing a database or application for testing.
- Checklist must be useful for either for usability testing, certifying completeness and compliance as part of the accreditation process.
- Checklist should contain the criteria to be validated during design, development, and testing. The criteria will eventually become the standards for data and application management for all applications to be updated or developed.
- Recommendations for data and application control best practices to control risks
- Comparison of the waterfall model, spiral model, rapid application development, reuse model, and extreme programming, as strategies for secure software best practices.
Length: 7 page technical paper and include a minimum of 5 scholarly articles not more than 5 years
The completed assignment should demonstrate thoughtful consideration of the ideas and concepts presented in the course and provide new thoughts and insights relating directly to this topic. Your response should reflect scholarly writing and current APA standards. Include a plagiarism report.
Readings:
1. Designing Your Organization's Custom COBIT
By Stefanie Grijp
2. Intelligent Software Platform and End-point Software for Risk Management
By Senkov A
3. Managing Information Security Risk Using Integrated Governance Risk and Compliance
By Mathew Nicho
4. Random Network Coding for Secure Packet Transmission in SCADA Networks
By Sajid Nazir
5. New Approach to Determine DDoS Attack Patterns on SCADA System Using Machine Learning
By Fahd A. Alhaidari