Please read instructions carefully and follow outline. Please complete all weeks. There will be 2 pages for each week.
Throughout this course you will be working on several aspects of software assurance and the security development life cycle (SDLC), which will result in a complete software assurance guidelines document for a company of your choosing. Software assurance promotes standards, processes, tools, and techniques to produce software with a reduced risk of security breaches.
Each week, you will complete a part of the software assurance guidelines document. The final draft is due at the end of the course. Here is a brief introduction to the work of each week:
• In Week 1, you will select an organization as the target for your software assurance guidelines document. Use the provided outlines to create the document shell. Then, complete the first two sections of the document, which are Project Outline and Security in the Development Life Cycle.
• In Week 2, complete the Software Assurance Techniques section. This is based on the company introduction in first two sections in Week1 and continues to discuss the guidelines for software assurance techniques as applied to the applications being developed by the company.
• In Week 3, complete the Security in Nontraditional Development Models section. In this section, besides the guidelines you provided in Week 2, you will provide guidance to the company when it is using nontraditional development models to ensure that it follows processes and policies that will minimize the threat of security problems.
• In Week 4, complete the Security Static Analysis section. In this section, you will identify and apply some tools commonly used to examine code to determine the level of security and to identify areas where security may be weak or missing.
• In Week 5, complete the Software Assurance Policies and Processes section and finalize the entire document. These policies and procedures will be instrumental in the ongoing value of software assurance in your company.
You will select an organization, and apply your research to the analysis and development of software assurance policies and processes that would be appropriate for the organization and the software applications they produce for the government. Additional information and the deliverables for each Individual Project will be provided in the assignment description for the project. This is the course’s Key Assignment, which you will make contributions to each week.
Project Selection:
The first step will be to select an organization as the target for your software assurance guidelines document. This organization will be used as the basis for each of the assignments throughout the course and should conform to the following guidelines:
• Nontrivial: The selected organization should be large enough to allow reasonable exercise of the software assurance guidelines planning process.
• Domain Knowledge: You should be familiar enough with the organization to allow you to focus on the planning tasks without significant time required for domain education.
• Accessibility: You should have access to the people and other information related to the organization. This will be an important part of the planning process.
The selected organization may already have software assurance guidelines in place and still be used as the basis for the projects in this course. The selected organization must produce software applications for the government, and is therefore subject to software assurance requirements. It is understood that such an organization may not be readily accessible. Therefore, you may feel free to identify a hypothetical organization that meets the requirements. Any necessary assumptions may be made to fulfill the requirements of organization selection.
Select an existing organization, or identify a hypothetical organization that fits the requirements listed above. Submit your proposal to your instructor before proceeding further with the assignments in the course. Approval should be sought within the first several days of the course. After approved, continue to complete the Week 1 assignment described below and submit it.
Assignment:
For the assignments in this course, you will not be implementing any software assurance policies or procedures. You will be developing a comprehensive software assurance guidelines document. Your first task in this process will be to select an organization (or identify a hypothetical organization) to use as the basis of your projects. You will also create the shell document for the final project deliverable that you will be working on during each unit. As you proceed through each project phase, you will add content to each section of the final document to gradually complete the final project deliverable. Appropriate research should be conducted to support the development of your guideline document, and assumptions may be made when necessary.
Week 1: The project deliverables are the following:
• Submit your organization proposal to instructor for approval.
• Create a software assurance guidelines document shell in Word. It should include the following:
o Create a title page
Course number and name
Project name
Student name
Date
o Table of contents (TOC)
Use autogenerated TOC
Separate page
Maximum of 3 levels deep
Update the TOC before submitting your project
o Section headings (create each heading on a new page with “TBD” as content, except for sections listed under New Content below)
Project Outline
Security in the Development Life Cycle
Software Assurance Techniques
Security in Nontraditional Development Models
Security Static Analysis
Software Assurance Policies and Processes
o New Content
Project outline and requirements
Brief description of the organization (can be hypothetical) and where the guidelines will be implemented
Company size, location(s), and other pertinent information
List of the software applications provided by the company for the government
The software list must include at least 1 desktop and 1 Web application.
A database must be used with one of the applications.
A summary of the software development organization within the company, employees and reporting structure, systems and technologies used for software development, testing, source control, and document storage
Material can be taken from the approved proposal that was submitted to the instructor (ensure that this project is approved by the instructor).
Security in the development life cycle
Provide an outline of the SDLC model that is used in your organization, including each of the major phases.
This should be a traditional SDLC. Extended models, such extreme programming, will be covered in a later section.
Identify specific components of the security development model that can be applied to each of the phases of your SDLC model.
For each pairing of security development model component to SDLC model phase, describe how the security model is applied and the major tasks that are involved.
Week 2:
Continue development of the software assurance guidelines document. New content will include guidelines for software assurance techniques as applied to the applications being developed by the company. This includes desktop, Web, and database applications.
One of the first tasks in the development of a software assurance guidelines document is to determine how software assurance techniques can be applied to the applications being developed by the company. These applications are usually in 3 categories: desktop applications, Web applications, and mobile applications. In addition, some of the applications will probably use a database for the storage of information. To create this part of the software assurance guidelines document, it is necessary to understand the security risks applicable to these types of applications, and identify how the applications can be secured.
For this assignment, you will identify the types of applications that are being produced by the company, and perform an evaluation of security risks applicable to these applications. You will then identify the types of software assurance techniques to be used for security risk mitigation in each of the software applications.
The project deliverables are as follows:
• Update the software assurance guidelines document title page with new date and project name.
• Update the previously completed sections based on instructor feedback.
• Complete the Software Assurance Techniques section.
o Analysis:
List and describe at least 3 software applications that are produced by the organization. The applications must include at least 1 desktop application and 1 Web application.
One of the applications must use a database for data storage.
Identify at least 2 areas of each application that are at security risk, and describe the possible threats and their implications to the organization and to the client (in this case, the government).
For each security risk, identify at least 1 software assurance technique that can be applied to reduce the security threat.
o Guidelines:
Based on the analysis that was performed in the previous step, prepare a set of software assurance guidelines that the organization can use for all of the applications that it creates.
Guidelines should be categorized by the type of software application and if the application is using a database for data storage or not.
Guidelines should identify the software assurance technique to be applied, and they should provide sufficient detail to allow the software development group to implement the technique.
• Be sure to update your table of contents before submission.
Week 3:
Software development has witnessed tremendous advances with the development of new and better tools and models for development. Businesses typically no longer use models with sequential phases and limited iterations. New development models, such as agile development, extreme programming (XP), and scrum, use teams with highly focused goals, clear deliverables, and iterative development cycles to improve the efficiency of development. These software development models also introduce new security risks in the development organization and the code that is produced.
For this assignment, you will continue development of your software assurance guidelines document to address security in nontraditional development models. This new section of your document will provide guidance to the company when it is using nontraditional development models to ensure that it follows processes and policies that will minimize the threat of security problems. The security development model will be used as the basis for your analysis.
The project deliverables are as follows:
• Update the software assurance guidelines document title page with the new date and project name.
• Update previously completed sections based on instructor feedback.
• Security in Nontraditional Development Models section:
o Identify a non-traditional software development model that could be used by your company.
o Provide a summary of the major steps in the development model, and describe the potential security threats for each step.
o Using the security development model as the foundation for analysis, develop and document appropriate policies and processes for each security risk that will minimize the threat.
o Association with the security development model should be demonstrated in the policies and processes.
• Be sure to update your table of contents before submission.
Week 4:
One of the most important steps in software assurance is establishing the processes that are used in the code that will support the security that is required to minimize potential breaches. Static analysis tools and techniques are an important part of this process. These tools are commonly used to examine code to determine the level of security and to identify areas where security may be weak or missing.
For this assignment, you will continue development of your software assurance guidelines document for your selected organization. New content will include a section called Security Static Analysis. In this section, you will focus on an application that your organization might produce. You will first create a design for an application with code samples in C or C++ to illustrate the tenets of the security development model. You will also identify security static analysis tools, and prepare guidelines on how they would be used in the sample code and throughout the software development in the company.
The project deliverables are as follows:
• Update the software assurance guidelines title page with new date and project name.
• Update the previously completed sections based on instructor feedback.
• Complete the Security Static Analysis section:
o Prepare a design for an application your organization might produce.
o Include appropriate diagrams to identify the major components of the application.
o Describe the major components and potential security issues where appropriate and as related to the security development model.
o Create code samples in C, C++, or Java to illustrate the tenets of the security development model.
o Identify at least 3 security static-analysis tools, and prepare guidelines for how they would be used in the sample code and throughout the software development in the company
• Be sure to update your table of contents before submission.
Week 5:
The final step in developing the software assurance guidelines document is to develop the overall software assurance policies and processes that include software developer training, software assurance metrics to be collected, and the security team’s role and responsibilities These policies and procedures will be instrumental in the ongoing value of software assurance in your company. You will also further refine the software assurance guidelines document and produce the final version. Updates may be based on peer and instructor feedback.
The final project deliverables are as follows:
• Update the software assurance guidelines document’s title page with new date and project name.
• Update previously completed sections based on instructor feedback.
• Software Assurance Policies and Processes section:
o Prepare a plan for the training of the software developers in the organization on the new software assurance guidelines.
o Define the metrics that will be collected to track the effectiveness of software assurance in the company.
Include a description of how each of the metrics will be obtained and used.
o Identify the roles and responsibilities of the members of the security team with respect to software assurance in the organization.
• Software assurance guidelines document, final version:
o Review the entire document for any changes and improvements you would like to make.
o Ensure that this final version of the plan is sufficiently detailed to allow the organization to confidently move forward with software assurance based on your findings.
o Any previous instructor feedback should be addressed with appropriate changes.
• Be sure to update your table of contents before submission.
Interested in getting help with this assignment?
Get a professional writing team to work on your assignment!
Order Now
Recent posts
For this final assignment, you will prepare a brief paper detailing the steps undertaken to complete a presentation that disseminates information you assemble
Please choose to answer only one of the 2 following questions. Option 1: In your opinion and based on scientific, peer-reviewed published evidence, does child
At the beginning of the previous academic year, the institution announced it would drop football at the conclusion of the season. The announcement created pub
you will review current research in Personality and provide a critical evaluation of that personality research through an annotated bibliography. An annotated
In Module 5, we considered the third in our three-part series on research design. Specifically, the focus was on the longitudinal studies, in which the resear
Need help with a similar or different Task?
We have the best writers to help you. Hire Writer Now
