Published by Georgia Hoover. Modified over 8 years ago.
Slide 1: Project Success Factors when using System Development Life Cycle
IT Symposium, October 2015
By Edward M. Dennis

Slide 2: Project Success Factors when using System Development Life Cycle
Introduction (slides 3-6)
Thank You

Slide 3: What IT costs
- In the mid-1960s, IT was less than five percent of American capital expenditures (Carr, 2003)
- At the turn of the century nearly 50 percent of capital expenditures went to IT (Carr, 2003)
- 2012 and 2013 IT expenditures totaled 3.5 trillion worldwide (Gartner, 2013)
- Over the next five years this will go up 2.1, 3.7, 3.8, 3.4, and 3.2 percent respectively (Gartner, 2013)
Slide 4: Zachman
- John Zachman: relationship between following a lifecycle framework and success (Zachman, 1987)
- Classical engineering: construction of buildings, roads and bridges (Zachman, 1987)
- Classic engineering lifecycle process: requirements; design with innovation; reliability (testing); implementation; use and eventual destruction (Spector and Gifford, 1986)

Slide 5: Bridges to nowhere

Slide 6: The Standish Group and CHAOS
- 1994: 69 percent reached O&M
- 2012: 82 percent reached O&M
- Success = on time, within budget and met requirements
Slide 7:

Rank | Standish Report 1994            | Standish Report 2013          | 2015 Survey of Participants
1    | User involvement                | Executive management support  | Skilled resources
2    | Executive management support    | User involvement              | User, customer involvement
3    | Clear statement of requirements | Clear business objectives     | Agile process
4    | Proper planning                 | Emotional maturity            | Tools and infrastructure
5    | Realistic expectations          | Optimizing scope              | Clear business objectives
6    | Smaller project milestones      | Agile process                 | Project management expertise
7    | Competent staff                 | Project management expertise  | Team member maturity
8    | Ownership                       | Skilled resources             | Project execution based plan
9    | Clear vision and objectives     | Execution                     | Executive management support
10   | Hard-working, focused staff     | Tools and infrastructure      | Optimization of scope
Slide 8: All respondents results

Slide 9: Survey
- Role in IT
- Level of education
- Certifications
- Experience in IT and in this position
- Experience on team
- Types of projects
- Use of life cycle, lifecycles used, and project management training
- Number of projects, on time, within budget, success, met requirements, and scope creep

Slide 10: Success from development life cycle and project management training
Slide 11: Conclusions
- Success factors: development lifecycle and training in project management
- These two aspects ranked in the top 2 in every category
- Lifecycles and project management do affect project success
Slide 12: Life cycles
Troubleshooting:
- Defining the problem
- Testing and research
- Gather information
- Analysis
- Implement fix
- Did it resolve the problem?
Quality:
- Brainstorm possible problems
- Define problem to resolve
- Brainstorm solutions
- Analyze solutions
- Implement solution
- Did it resolve the problem?

Slide 13: System or Software Development Lifecycle
- Planning
- Requirements
- Design
- Implementation
- Test
- Deployment
- Operations and Maintenance

Slide 14: SDLC and NIST

Slide 15: Zachman Model

Slide 16: Waterfall
- Project planning: overview of project, determining goals
- System analysis: requirements, goals of project
- System design: features, detailed operation, business case, process
- Implementation: writing code
- Integrate and test: testing environment, test interoperability, resolve issues
- Acceptance and deployment: production
- Maintenance
- Decommission

Slide 17: Secure development life cycle
- Planning
- Requirements
- Design
- Implementation
- Test
- Deployment
- Operations and Maintenance
Slide 18: Planning
- Who: representatives from all stakeholders
- What: which business strategies take priority
- Budget
- When: the deadline for the project to be accomplished
- Where: where in my network architecture will this reside
- Developing a system by analyzing and meeting the mission or business need of the information system using available and cost-effective technologies
- Security requirements dictate the technologies needed to protect system information
- Assess the risk of the planned project
- Define scope
- Present to stakeholders/management for concurrence

Slide 19: Requirements
- Defining system requirements
- Defining security requirements
- Account management and access control
- Information flow
- System use parameters
- Verify requirements fall within scope (scope creep)
- Information input and output restrictions
- Estimated cost of implementation
- Compliance with regulations and policies
- Keep stakeholders/management informed (concurrence)

Slide 20: Scope Creep
- The process by which a project grows beyond its original requirements, function or features
- Requires properly documented and agreed-upon requirements
- Can cause cost and time overruns
- Need for good stakeholder communications
- Clearly defined scope of work
- Work process breakdown
- Written agreement on scope (requirements, function, and features)
- Understood, collaborated, defined, agreed upon, and cost effective
Slide 21: Design
- Necessary documentation
- Hardware and software redundancy
- Risk assessment and analysis
- Mitigating security controls documented
- Data requirements and protection
- Planning and basic testing of code and applications
- Open source or COTS
- Application and operating system hardening
- Keep stakeholders/management informed (concurrence)
- Beware of scope creep

Slide 22: Implementation
- System builds and software installation
- Vulnerability management: system and application scanning; penetration testing where applicable
- Verify requirements are met
- Verify compliance with regulations and policies
- Contingency planning
- Risk assessment and privacy impact
- Documentation of standard operating procedures and processes
- Keep stakeholders/management informed (concurrence)

Slide 23: Test
- User testing
- Functionality
- Test backup and restore processes
- Update documentation
- User training
- Vulnerability management: system and application scanning; penetration testing where applicable

Slide 24: Deployment
- Set up change management process
- Set up configuration management process
- System and user monitoring plan
- Auditing of security logs
- Security event and incident management
- Vulnerability management plan
- Risk management
- Stakeholder acceptance/authorization to proceed
- Feedback/concerns, requirements met, communications plan
Slide 25: Operations and Maintenance
- Periodic Change Control Board meetings
- Change and configuration control plan
- Periodic vulnerability scanning
- Vulnerability management plan
- Contingency plan updates and periodic tests
- Maintenance of standard operating procedures
Slide 26: SANS Critical Top 20 Security Controls
Controls of interest (Top 4+):
1. Inventory of Authorized and Unauthorized Devices
2. Inventory of Authorized and Unauthorized Software
3. Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
4. Continuous Vulnerability Assessment and Remediation
5. Malware Defenses
12. Controlled Use of Administrative Privileges
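Controls 1 and 2 both come down to the same operation: compare what is observed (on the network, on each host) with what the organization has authorized, and report the difference. The script below is an added example, not part of the presentation or of the SANS/CIS material it cites; all inventories, DHCP lease lines and package listings in it are constructed sample data, and the authorized lists are assumed to be maintained elsewhere. It goes slightly beyond the slide by also flagging authorized devices that were not seen (stale inventory entries) and approved software at an unapproved version.

```python
"""Inventory reconciliation for Critical Controls 1 (devices) and 2 (software).

Compares what is observed on the network and on hosts with what the
organization has authorized, and reports the differences.
All input data below is constructed for this example.
"""
from dataclasses import dataclass
from typing import Dict, List, Set

# Control 1: authorized devices, keyed by normalized MAC address (constructed).
AUTHORIZED_DEVICES: Dict[str, str] = {
    "00:11:22:33:44:55": "ws-alice",
    "00:11:22:33:44:66": "ws-bob",
    "aa:bb:cc:dd:ee:01": "srv-web01",
}

# Control 2: authorized software, name -> approved versions (constructed).
AUTHORIZED_SOFTWARE: Dict[str, Set[str]] = {
    "openssh-server": {"8.9p1", "9.3p1"},
    "nginx": {"1.24.0"},
    "python3": {"3.11.4"},
}

# Observed data, in the style of a DHCP lease export: "<mac> <ip> <hostname>" (constructed).
DHCP_LEASES = """\
00:11:22:33:44:55 10.0.1.10 ws-alice
AA-BB-CC-DD-EE-01 10.0.2.5 srv-web01
de:ad:be:ef:00:01 10.0.1.77 android-9f3a
"""

# Observed per-host package listings: "<name> <version>" (constructed).
HOST_PACKAGES: Dict[str, str] = {
    "srv-web01": "openssh-server 9.3p1\nnginx 1.24.0\nnetcat 1.10\n",
    "ws-alice": "python3 3.11.4\nopenssh-server 7.4p1\n",
}


def normalize_mac(mac: str) -> str:
    """Accept 'AA-BB-...', 'aa:bb:...' or 'aabb.ccdd.eeff' and return aa:bb:cc:dd:ee:ff."""
    hexdigits = "".join(ch for ch in mac.lower() if ch in "0123456789abcdef")
    if len(hexdigits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2))


@dataclass
class Finding:
    control: int      # 1 = devices, 2 = software
    kind: str         # what was wrong
    subject: str      # device MAC or "host:package"
    detail: str = ""


def reconcile_devices(leases: str, authorized: Dict[str, str]) -> List[Finding]:
    """Control 1: every observed MAC must be authorized, and every authorized
    MAC should be seen (an unseen one may be a stale inventory entry)."""
    findings: List[Finding] = []
    seen: Set[str] = set()
    for line in leases.splitlines():
        if not line.strip():
            continue
        mac, ip, hostname = line.split()
        mac = normalize_mac(mac)
        seen.add(mac)
        if mac not in authorized:
            findings.append(Finding(1, "unauthorized_device", mac, f"{hostname} at {ip}"))
        elif authorized[mac] != hostname:
            findings.append(Finding(1, "hostname_mismatch", mac,
                                    f"expected {authorized[mac]}, saw {hostname}"))
    for mac, hostname in authorized.items():
        if mac not in seen:
            findings.append(Finding(1, "authorized_device_not_seen", mac, hostname))
    return findings


def reconcile_software(host_packages: Dict[str, str],
                       authorized: Dict[str, Set[str]]) -> List[Finding]:
    """Control 2: every installed package must be allowlisted at an approved version."""
    findings: List[Finding] = []
    for host, listing in host_packages.items():
        for line in listing.splitlines():
            if not line.strip():
                continue
            name, version = line.split(maxsplit=1)
            subject = f"{host}:{name}"
            if name not in authorized:
                findings.append(Finding(2, "unauthorized_software", subject, version))
            elif version not in authorized[name]:
                findings.append(Finding(2, "unapproved_version", subject,
                                        f"{version} not in {sorted(authorized[name])}"))
    return findings


def reconcile_all() -> List[Finding]:
    """Run both controls over the sample data and return every finding."""
    return (reconcile_devices(DHCP_LEASES, AUTHORIZED_DEVICES)
            + reconcile_software(HOST_PACKAGES, AUTHORIZED_SOFTWARE))


if __name__ == "__main__":
    for f in reconcile_all():
        print(f"CSC{f.control} {f.kind:28} {f.subject:26} {f.detail}")
```

Run against the sample data it reports four findings: an unknown Android device on the workstation subnet, an authorized workstation that never showed up, an unlisted tool (netcat) on the web server, and an old openssh-server build on a workstation. In practice the observed inputs would be pulled from the DHCP server and a package manager, and the findings fed into the vulnerability management and change control processes named on the later slides.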
Slide 27: Software Development Best Practices
- Development, test and production on separate systems and networks (VMs, NAT, ACLs)
- Software development library: retrieve to update; update and put back in the library; do not hold on a developer system
- Restrict access to production
- Software release process (controlled)
- Application scanning: test and scan before release; mitigate vulnerabilities
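A controlled release process needs a gate that can say no. The script below is an added example, not from the presentation, showing one way to encode the three rules on this slide as an automated check before promotion to production: the artifact being shipped must be byte-for-byte the build recorded in the software development library (so a copy held on a developer system cannot slip in), the test run must belong to that version and have passed, and the application scan must show no unmitigated findings above a policy threshold. The artifact bytes, library manifest, test record, scan report and policy are all constructed for the example; the scan report format is an assumed simple JSON layout, not the output of any particular scanner.

```python
"""Release gate for a controlled software release process (added example).

Refuses to promote a build unless:
  1. the artifact hash matches the software development library record,
  2. the test results are for this version and have no failures,
  3. the application scan has no unmitigated findings at or above the
     policy threshold (mitigated ones must cite a change reference).
All inputs below are constructed for this example.
"""
import hashlib
import json
from dataclasses import dataclass
from typing import Dict, List

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# Policy (assumed): findings at or above this severity block release unless
# mitigated, and a mitigation must carry a reference (e.g. a change ticket).
POLICY = {"block_at_or_above": "high", "require_mitigation_ref": True}

# Constructed inputs.
ARTIFACT = b"fake-binary-contents-v1.4.2"          # the build we intend to ship
LIBRARY_MANIFEST = {                               # record kept in the library
    "name": "webapp", "version": "1.4.2",
    "sha256": hashlib.sha256(ARTIFACT).hexdigest(),
}
TEST_RESULTS = {"version": "1.4.2", "passed": 212, "failed": 0}
SCAN_REPORT = json.dumps({
    "target": "webapp 1.4.2",
    "findings": [
        {"id": "F-1", "severity": "critical", "title": "SQL injection in /search",
         "mitigated": True, "mitigation_ref": "CHG-1042"},
        {"id": "F-2", "severity": "medium", "title": "Verbose server header",
         "mitigated": False},
        {"id": "F-3", "severity": "high", "title": "Outdated TLS library",
         "mitigated": True},                       # claims mitigation, no reference
    ],
})


@dataclass
class Decision:
    allowed: bool
    reasons: List[str]


def artifact_matches_library(artifact: bytes, manifest: Dict) -> bool:
    """Rule 1: the bytes being released are the ones recorded in the library."""
    return hashlib.sha256(artifact).hexdigest() == manifest["sha256"]


def blocking_findings(report_json: str, policy: Dict) -> List[str]:
    """Rule 3: describe every scan finding that blocks release under the policy."""
    threshold = SEVERITY_RANK[policy["block_at_or_above"]]
    blockers: List[str] = []
    for f in json.loads(report_json)["findings"]:
        if SEVERITY_RANK[f["severity"]] < threshold:
            continue  # below threshold: tracked, but does not stop this release
        if not f.get("mitigated"):
            blockers.append(f"{f['id']} ({f['severity']}) unmitigated: {f['title']}")
        elif policy["require_mitigation_ref"] and not f.get("mitigation_ref"):
            blockers.append(
                f"{f['id']} ({f['severity']}) mitigated without reference: {f['title']}")
    return blockers


def release_gate(artifact: bytes, manifest: Dict, tests: Dict,
                 scan_json: str, policy: Dict = POLICY) -> Decision:
    """Apply all three rules; release is allowed only when no reason blocks it."""
    reasons: List[str] = []
    if not artifact_matches_library(artifact, manifest):
        reasons.append("artifact hash does not match the library manifest")
    if tests.get("version") != manifest["version"]:
        reasons.append("test results are for a different version")
    elif tests.get("failed", 1) != 0:                # rule 2
        reasons.append(f"{tests['failed']} test(s) failed")
    reasons.extend(blocking_findings(scan_json, policy))
    return Decision(allowed=not reasons, reasons=reasons)


if __name__ == "__main__":
    decision = release_gate(ARTIFACT, LIBRARY_MANIFEST, TEST_RESULTS, SCAN_REPORT)
    print("RELEASE ALLOWED" if decision.allowed else "RELEASE BLOCKED")
    for reason in decision.reasons:
        print(" -", reason)
```

With the sample data the release is blocked for exactly one reason: F-3 is marked mitigated but nobody recorded what the mitigation was, so the gate treats it as unverified. The medium finding is carried forward rather than blocking, which is a policy choice; lowering `block_at_or_above` to "medium" makes it block too. Keeping the manifest in the library rather than next to the artifact is what makes rule 1 meaningful.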
Slide 28: Industry Standards and Best Practices
Sources:
- http://www.servicecatalog.dts.ca.gov/services/professional/security/docs/3117_network_architecture_standard.pdf
- OWASP Cheat Sheets

Slide 29: Secure Development Lifecycle
Source: http://www.microsoft.com/en-us/SDL/adopt/tools.aspx

Slide 30: Building Security in SDLC
- DHS Guidance: Improve Security and Software Assurance, https://buildsecurityin.us-cert.gov/
- DHS Guidance: Secure Coding Sites and Training, https://buildsecurityin.us-cert.gov/resources/secure-coding-sites
- Microsoft Trustworthy Computing Initiative, http://www.microsoft.com/en-us/twc/
- Open Web Application Security Project (OWASP), https://www.owasp.org/index.php/Main_Page
- (ISC)²: Top 10 Best Practices for Secure Software Development, https://www.isc2.org/uploadedfiles/%28isc%292_public_content/certification_programs/csslp/isc2_wpiv.pdf
- University of California Berkeley Security, https://security.berkeley.edu/content/application-software-security-guidelines
Slide 31: Best Practices: Takes planning

Slide 32: Project Success Factors when using System Development Life Cycle
Q & A Session

Slide 33: Project Success Factors when using System Development Life Cycle
- IT Sec Architecture Design
- Vulnerability Management
- Secure Development Lifecycle
- Risk Assessments Drive All IT Security and Risk Management Activities