Cybersecurity: Engineering a Secure Information Technology Organization, 1st Edition Chapter 7 Software Supporting Processes and Software Reuse.

1 Cybersecurity: Engineering a Secure Information Technology Organization, 1st Edition Chapter 7 Software Supporting Processes and Software Reuse

2 © Cengage Learning 2015 Cybersecurity: Engineering a Secure Information Technology Organization, 1st Edition
Objectives
Understand the role and functions of the supporting processes
Understand the role and function of the reuse process
Successfully plan and implement a management architecture of supporting processes
Successfully implement and manage a reuse process

3 Overview of the Software Supporting Process Group
The supporting processes apply to:
  – Agreement
  – Systems qualification testing
  – Software acceptance support
  – Software operation
  – Software maintenance

4 Software Document Management
Software document management is the first of the supporting processes
  – Focuses on managing the documents that contain the information rather than the information itself
Activities involved in document management:
  – The planning, design, development, production, editing, distribution, and maintenance steps needed to keep proper records
Maintains all formal authorizations of the document format and helps produce and sustain documents that have been approved for use

7 Software Configuration Management
Configuration management (CM): defines and enforces control over an organization’s assets
  – Specifies methods for controlling changes to assets throughout their useful lifecycle
CM objective: to control changes to items in a way that preserves their integrity
Advantages of CM:
  – Maintains the integrity of configurations
  – Allows changes to be evaluated and made rationally
  – Gives managers and policy makers direct input into the evolution of the ICT asset base

8 Software Configuration Management
CM involves three major elements in the software lifecycle:
  – Development - supports the identification process
  – Maintenance - supports authorization and configuration control
  – Assurance - supports verification

9 Who Participates in Configuration Management?
Three roles involved in CM:
  – The customer, the producer, and any associated subcontractors
CM incorporates the two processes of configuration control and verification control, which are implemented through three activities:
  – Change process management
  – Baseline control
  – Configuration verification

10 What are the Roles?
Configuration manager - ensures the requirements of change management are carried out
Baseline manager - ensures that all configuration items in the project configuration management plan are identified, accounted for, and maintained
Verification manager - ensures that product integrity is maintained during the change process
  – To confirm that all items in the change management ledger (CML) conform to the identification scheme, verify that changes have been carried out, and conduct milestone reviews

11 What is the Process?
The cornerstone of configuration management is the configuration identification scheme
  – Usually established during the requirements analysis phase of the specification process
All components are given a unique identifying label
  – Typically referred to as product identification numbers (PINs)
If items in the evolving structure represent a new baseline:
  – The identifying labels are modified to reflect it

12 What is the Process?
The organization must explicitly define the management level authorized to approve changes to each baseline
The configuration control board (CCB) operates at defined levels of authorization
An ICT organization has three control boards:
  – One composed of top-level policy makers and one for each of the major system components (a software CCB and hardware CCB)

13 The Configuration Management Plan
Configuration management is specifically defined and formally implemented through a configuration management plan (CMP)
The plan should specify roles for change management, baseline management, and verification management
The plan should also:
  – Help define the configuration identification scheme
  – Provide the basic structure of the PIN and how it will be assigned and formatted

16 Software Quality Assurance
Software quality assurance (SQA): to ensure that software products and processes comply with predefined provisions and plans
SQA provides oversight to the software manager
SQA ensures that:
  – Appropriate development methods are in place
  – Standards are employed and independently audited
  – Necessary documentation is available
  – Change management mechanisms are in place to deal with any deviations from standards

17 Organization of SQA Operations
SQA is based on a strategy and plan that
  – Maintains software quality
  – Identifies and records any problems conforming to requirements
  – Verifies that products, processes, and activities adhere to applicable standards, procedures, and requirements
Most operational problems encountered by SQA involve staffing, authority, and control
SQA must have an independent reporting line

18 SQA: Overall Operation
The organization’s basic framework must include a set of defined quality assurance practices
  – Which are based on systematic development methods and standards for reviews
Each SQA process must be planned to meet a project’s unique needs
SQA must have the mandate to conduct in-process evaluations of project management and the organization’s governance control system

19 SQA Reporting
SQA should not report to the project manager
  – But to local management
No more than one position should separate SQA and the senior site manager
SQA should have an advisory relationship with a senior quality executive

20 Starting the SQA Program
Eight steps required to start an SQA program:
  – 1. Initiation
  – 2. Identification
  – 3. Writing the plan
  – 4. Integration
  – 5. Defining procedures
  – 6. Establishment
  – 7. Implementation
  – 8. Auditing
Common SQA standard is IEEE STD-730

23 Verification
Purpose of verification: to confirm that each work product or service of a process properly reflects the specified requirements
  – It tests each transitional product from every phase as it is completed
Involves:
  – Reviewing, inspecting, testing, checking, auditing, establishing and documenting
Verification also assesses risk and feasibility concerns

24 Verification
In the development phase, verification seeks to catch and correct small errors before they spread
Verification outcomes are based on evidence obtained through assessment
The most powerful verification processes normally involve a third party that performs the assessments
The verification process is formalized by a plan that should be defined early and refined as a project moves downstream

27 Verification
The process begins with a determination that verification is worthwhile
The next step is to identify the organization that will execute the verification process
  – And decide which lifecycle elements will be verified
Then, the required verification activities are performed as scheduled
Any resulting defects are identified and recorded
  – Results are made available to the customer and other involved parties

28 Validation
Validation assesses the product to ensure that it complies with its purpose
It is an ongoing process used to stay on top of meaningful changes to any element of the system, software product, or service
Validation guarantees the software performs as it was designed or programmed to do
The validation process begins prior to any actual planning
It is almost always conducted by a third party

31 Software Review
The purpose of the software review process:
  – To maintain a common understanding with stakeholders that the software is making progress against the contract
  – To help ensure development of a product that satisfies the stakeholders
The review process uses a team approach to define, design, and evaluate work products
The team can establish a common set of evaluation criteria, assess progress, and identify critical issues and recommendations

34 The Audit Process
Purpose of software audits:
  – To independently determine the compliance of selected products and processes with appropriate requirements, plans, and agreements
Audits are conducted by an appropriate independent party based on the audit plan
Problems detected during an audit are identified and communicated to the parties responsible for corrective action and resolution
Audits are usually performed at the end of a project

37 Problem Resolution
The purpose of problem resolution is to ensure that all problems in a process are identified, analyzed, managed, and controlled to resolution
Requires a management strategy that allows problems to be recorded, identified, and classified
Ensures maintenance of the integrity of the system software, product, or service throughout the lifecycle
Acts in conjunction with other supporting processes to ensure the product and process meet standards

40 Reuse
Reuse: the construction of new software from existing components
Reuse processes were not included in the original version of the standard
  – They have been added in the 2008 version
Having a library of prewritten functions, templates, and procedures saves time and reduces cost
Reusable code modules ensure higher levels of quality, security, and capability

41 Reuse
Domain engineering - used to ensure that products are built with a high level of integrity
  – Necessary to allow managers to understand how to reintegrate abstract components into other useful applications
  – Goal is to characterize the application domain, its architectures, and assets
Process Implementation - first step is to create and execute a domain engineering plan
  – Domain engineer selects and formalizes the standard form of representation

42 Reuse
Domain Analysis - to define the conceptual boundaries of the domain and the relationships between it and other domains
  – To develop the domain model, the engineer carries out a domain review with all stakeholders, including software developers, asset managers, domain experts, and users
  – When the review is complete and the results are accepted, the domain engineer passes the domain model along to the architectural design stage

43 Reuse
Domain Design - the domain engineer develops and documents an architectural design that incorporates all assets designated for reuse
Asset Provisioning - the domain engineer acquires or develops the necessary assets
  – Each asset is documented, classified and evaluated in accordance with the organization’s asset acceptance procedures
Asset Maintenance - a responsibility of configuration management

44 Reuse
Reuse Asset Management - to manage the life of reusable assets from conception to retirement
  – Uses a documented asset classification scheme
  – Specifies the criteria for accepting and eventually retiring an asset
  – Defines an asset storage and retrieval mechanism that tracks and records asset use
Process Implementation - first step is to create an asset management plan
  – This plan defines the resources and operational procedures for managing assets

45 Reuse
Asset Storage and Retrieval Definition - reusable assets are typically kept in an archive until they are used
  – The asset manager must implement and maintain a formal mechanism for asset storage and retrieval
Asset Management and Control - ensures the correctness and integrity of the assets in the reuse archive
  – All assets submitted for reuse must be evaluated to ensure they are acceptable for reuse

46 Reuse
Reuse Program Management - to plan, establish, control, and monitor an organization’s overall reuse program
  – To systematically exploit opportunities for reuse
  – Reuse program is monitored and evaluated on an ongoing basis
Initiation - a reuse strategy is necessary to begin developing a reuse program
  – Strategy includes setting goals for reuse and defining the program’s purposes, objectives, and scope

47 Reuse
Domain Identification - a group is formed to identify the domains in which the organization can practice reuse
  – Group consists of program administrator, domain engineers, users, and software developers
  – The group evaluates each domain to ensure that it accurately fits with the reuse strategy
Reuse Assessment - a function that constantly ensures the organization’s reuse capability
  – Program administrator assesses each domain to determine its potential for reuse

48 Reuse
Planning - requires the creation of a plan to implement the program
  – The plan is maintained to ensure the organization understands all requirements for implementing the reuse program
  – The plan has to be reviewed and evaluated by members of the reuse steering committee for completeness, feasibility, and ability to execute
Execution and Control - activities in the plan are executed in accordance with its requirements
  – Program is monitored by program administrator

49 Reuse
Review and Evaluation - the program administrator provides assessment results and lessons learned to the reuse steering committee and to appropriate managers
  – Administrator also recommends and makes changes to the program
  – Administrator expands and improves it in accordance with the plan’s stipulations

50 Summary
The supporting processes in the 12207-2008 standard represent the value-added elements that guarantee the quality and security of ICT products
To develop a successful, defect-free piece of software, an organization must adopt and follow a disciplined set of supporting processes
The outcome of the documentation management process is an explicit understanding and formal description of every lifecycle record
Configuration management defines and enforces management control over ICT assets

51 Summary
SQA monitors the actions of software operations and brings any deviations to management’s attention
The verification process confirms that products properly reflect specified requirements
The validation process assesses products to ensure that they comply with their intended purpose
Joint reviews of software help maintain a common understanding of progress
Audits determine compliance with requirements, plans, and agreements

52 Summary
Problem resolution ensures that integrity is maintained throughout the lifecycle
Software reuse allows new code to use existing modules as a means of leveraging production

