Cybersecurity Processes & Technologies

profilevemylami
CaseStudy3ApplicationLifecycleManagementv4-11.docx
Home>Information Systems homework help>Cybersecurity Processes & Technologies

Case Study #3: Technology & Product Review for Application Lifecycle Management Tools

Case Scenario:

As a Nofsinger consultant, you have been tasked with researching and recommending an Application Lifecycle Management (ALM) tool. Your deliverable for this task will be used to help obtain buy-in from the company's program managers for increased security investments.

An Application Lifecycle Management tool (product) is used to help manage and protect digital assets which are part of or contribute to the management of software applications (especially source code and design documents) throughout the Software & Systems Development Life Cycle (SDLC). The digital assets for each software application must be protected from initiation of a development or acquisition project through to disposal of equipment at the end of its useful lifespan.

Multiple Sifers-Grayson managers have responsibility for making sure that Sifers-Grayson products are developed and delivered on-time and in compliance with the contractual requirements for functionality ("quality"). For the current set of customers this means that Sifers-Grayson must implement security focused configuration management (see NIST SP 800-128). Configuration management is a first-line defense against attacks intended to compromise the security and integrity of software applications. This business process is part of a larger, more complex process known as application lifecycle management.

Note: Application Development Lifecycle Management (ADLM) is related to ALM but does not encompass the entire SDLC. If you choose to review an ADLM tool, make sure that you address the limitations, i.e. does not cover all phases of the ALM. State what impact these limitations may have upon application security for the entire SDLC.

During initial interviews, the engineering managers and program managers provided the following information to your team.

1. Software and Systems Development are the lifeblood of the client company, Sifers-Grayson. From robots to drones to industrial control systems for advanced manufacturing, every product or system sold by the company depends upon software. Some system functions depend upon tiny control programs that capture data from a sensor or command an actuator to move. Other system functions depend upon sophisticated software algorithms to receive and analyze data to make sense out of the surrounding environment.

2. Sifers-Grayson's engineers are responsible for writing and testing this software. But, they've never had to worry about cybersecurity ... especially not internal security over software development activities in their own facilities.

3. The engineers feel ownership over their files and folders of source code.

4. There are occasional pranks between engineers working in the labs but software is “sacred” and “off limits.”

5. The engineers believe that “No one would dare mess with a file containing source code for an operational system or a system that has moved into the integration and test phase of the software lifecycle.”

The Nofsinger Engagement Leader (your boss), has provided the following advance notice information as part of your background briefing for this task.

1. Within the next 60 days, a Nofsinger Red Team will conduct penetration tests for the enterprise.

2. The Red Team test plan includes attacks designed to demonstrate to the engineers and managers (through penetration testing) that there is a need to protect digital assets, especially software designs, source code, and related artifacts from both insider and external threats.

Research:

1. Review the weekly readings.

2. Using Google or another search engine, identify an Application Life Cycle Management product which could meet the needs of Sifers-Grayson. Then, research your chosen product using the vendor’s website and product information brochures.

3. Find three or more additional sources which provide reviews for (a) your chosen product or (b) information about Application Life Cycle Management.

Write:

Write at least 3 pages summary of your research. At a minimum, your summary must include the following:

1. An introduction or overview for the security technology category (Application Lifecycle Management)

2. A review of the features, capabilities, and deficiencies for your selected vendor and product

3. Discussion of how the selected product could be used by Sifers-Grayson to support its cybersecurity objectives by reducing risk, increasing resistance to threats/attacks, decreasing vulnerabilities, etc.

4. A closing section in which you restate your recommendation for a product (include the three most important benefits).

As you write your review, make sure that you address security issues using standard cybersecurity terminology (e.g. protection, detection, prevention, “governance,” confidentiality, integrity, availability, nonrepudiation, assurance, etc.). See the ISACA glossary https://www.isaca.org/pages/glossary.aspx if you need a refresher on acceptable terms and definitions.

Submit For Grading

Submit your case study in MS Word format (.docx or .doc file) using the Case Study #3: ALM Technology & Product Review assignment in your assignment folder. (Attach the file.)

Additional Information

1. There is no penalty for writing more than 3 pages but, clarity and conciseness are valued. If your case study paper is shorter than 3 pages, you may not have sufficient content to meet the assignment requirements (see the rubric).

2. Your paper should use standard terms and definitions for cybersecurity.

3. You are expected to credit your sources using in-text citations and reference list entries. Both your citations and your reference list entries must follow a consistent citation style (APA).

4. Consult the grading rubric for specific content and formatting requirements for this assignment.

Recommended Resources for Case Study #3

· What is Application Lifecycle Management?- https://www.inflectra.com/spirateam/highlights/understanding-alm-tools.aspx

· Secure Application Lifecycle Management- (see attachment)

· 15+ Best ALM Tools (Application Lifecycle Management Tools in 2019)- https://www.softwaretestinghelp.com/best-alm-tools/

Rubric Name: Case Study: Technology & Product Review Rubric

Criteria

Excellent

Provided an introduction or overview for the security technology category

Provided an excellent overview of the security technology category assigned for this case study. The overview appropriately used information from 3 or more authoritative sources, i.e. journal articles, industry or trade publications, news articles, industry or government white papers and authoritative Web sites.

Identified and Reviewed a Vendor product

Provided an excellent review of the features, capabilities, and deficiencies for a selected vendor product in the assigned security technology category. The review appropriately used information from 5 or more authoritative sources, i.e. journal articles, industry or trade publications, news articles, industry or government white papers and authoritative Web sites.

Reported on how the product could be used to support cybersecurity objectives (i.e. confidentiality, integrity, availability, authorization, authentication, etc.)

Provided an excellent discussion of how the selected product could be used to support cybersecurity objectives by reducing risk, increasing resistance to threats/attacks, decreasing vulnerabilities, etc. Discussion provided five or more specific examples of how use of this product would positively impact cybersecurity for information, information systems, and/or networks. The discussion was supported by information drawn from authoritative sources.

Professionalism: Use of Cybersecurity Terminology

Demonstrated excellence in the use of standard cybersecurity terminology to support discussion of the technology. Appropriately used 5 or more standard terms.

Professionalism: Use of Authoritative Sources / Resources

Work contains a reference list containing entries for all cited resources. Sufficient information is provided to allow a reader to find and retrieve the cited sources. Reference list entries and in-text citations are consistently and correctly formatted using an appropriate citation style (APA, MLA, etc.). Five or more authoritative sources were used and cited.

Professionalism: Organization & Appearance

Submitted work shows outstanding organization and the use of color, fonts, titles, headings and sub-headings, etc. is appropriate to the assignment type.

Professionalism: Execution

No formatting, grammar, spelling, or punctuation errors.