The (SDLC) is made up of phases and it is critical to incorporate security from the beginning of build and throughout the development. The typical SDLC has main functions that need to be protected or there could be a huge impact. Performing security assurance through penetration testing, code reviews, and architecture analysis activities. There is a great advantage in security awareness like secure software being implemented into the system.
Being aware of the security concerns of the stakeholders in the organization. Having the advantage of early warning and detection of vulnerabilities in the system that can be addressed. Detecting and implementing patches and fixes can reduce cost in the long run for security. Minimizing the risk of the organizational project and business missions and vision for the company.
First overall IT security personnel management needs to work closely with stakeholders to ensure security strategies are meeting expectations. This communication can give the stakeholder more confidence in moving forward with the projects. Meet with stakeholder on routine bases will help get a jump on early concerns that could negatively affect the project timeline. Don’t be afraid to tell a stakeholder the importance of security awareness and being proactive can help the development and cut cost for the future of the SDLC. Emphasize the requirements and details of having security activities in place.
It is the job of the CEO and the executive management to answer the concerns of the stakeholders of the organization. All stakeholders are not the same and all have different demands that need to be met for the success of the company performance. Keeping a balance of demands and power or influence of what stakeholder are demanding are very important. These demands can conflict with other needs of the company or stakeholders resulting in impacts on the timeline of operations. These stakeholders have a high and low ranking order in accordance with executive management.
Customers- are the number one stakeholder the reason for this is they make up the success of a company or failure of a company. Customers make up the demand for product and values of the company and they spend money. Customer’s makeup the monetary value of the company and its demand for business.
Employees- are a direct effect on the production and timelines of the company. Employees drive the creation of the product in the company and consumer services. Retention is one of the biggest priorities of a company at every level of worker. Keeping a good ethical working environment can help with keeping top talent in the company.
Shareholders- let me be blunt they own the company and have provided the monies to get the company started. Their demands are important when they occur the reason a shareholder’s demands would most likely occur when the company is doing poorly. Normally they are pretty happy and stay out of the day to day operations. Stakeholders are represented by a board who can act on their behalf like hiring and firing executive staff from CEO on down.
Business partners, distributors, and suppliers- are important because of the service or talent they can provide that our company does not. Relationships are very important in the business world when it comes to supply and demand for products in operations. Maintaining a long and healthy relationship with partners are crucial for the redevelopment of product and geographical development of the company. Partners have agendas and goals in which expectations need to be met by both parties until better relationships are made.
The local economy- becoming a good pillar to the local community and showing job productivity is great. Being an equal opportunity employer would be a great message to send to the community. Being seen in the green can appeal to community officials that can help open doors for local relationships. This can also create a strong local support base for future geographical development of the company.
Project managers dealing with scope creep have to adjust and add to projects and adjust timelines. While performing the adjustments and making the project bigger for the request there will have to be added security. When implementing new security there will have to be an evaluation of the project from beginning to estimate end. Reviewing the objectives will allow problems in the development to be found, corrective actions taken earlier than later. By the scope creep forcing the managers to review and fix errors they are able to reduce risk to the project and lower cost to the project. Security awareness is heightened and the integrity of the project is secure.
The scope of the software will have to perform adjustments to take on new security changes. Whenever an idea or request is made for a change to the project it affects the layer it will pertain to. New security measures will have to be taken to ensure that the software changes are checked before implementing them into the system. Software testing is performed for the security of the project and timelines for completion. Not performing security checks could have a negative impact on the projects overall completion. This could directly impact the stakeholder’s expectations of the project and the company’s reputation.
An operating system has applications that allow operations to happen in specific ways. Access to websites and informational traffic is also affected by the applications on the operating system. Keeping the operating system up to date with the latest patches can help increase the integrity of the system. “The system may simply not have been the target of an attack, the integrity of design may have been compromised by changes made over the years, or a change in an underlying component or service may provide a new avenue of attack (Miller, 2014).”
Error messaging and information from that message can help the project manager make decisions on how to deal with the attack or error. The information used from this error message can be analyzed for a plan of attack in fixing the error. The information can also be used to determine what part of the system has been compromised and what fixes need to be implemented. Information from the error message can be stored and used for training and identification purposes for a quick response if there is a reoccurrence of the same error.
Having a proper and strong storage plan for project information is key to the security of the project. Making sure that there is adequate storage for the information of the project is important not laptops or USB device are not efficient for securing data. Even running a local server would not be a good plan of attack for this job. Data preservation can be accomplished by turning data over to a data custodian that can take the necessary step to secure the information. Having an effective data plan can reduce the risk of a hacker coming in contact with your research information. If exposure happens the hacker can exploit the project and implement their own malicious software into the project.
