Case Project 7-1: Determining Software Engineering Risks for Alexander Rocco After
Question
Case Project 7-1: Determining Software Engineering Risks for Alexander Rocco After reviewing all the applications Alexander Rocco uses, you notice that many have been modified or changed during the past couple of months. Two of the company's financial applications are written in C and, according to Randy Stegner, the IT security administrator, monitor the company's accounts and financial data. Mr. Stegner discovered that several modifications were made to one program, with no documentation indicating who made the changes or why. Based on this information, write a memo to Mr. Stegner with your findings and any recommendations you might have for improving the security of the company's software engineering practices. Search the internet for any information on securing company software. Does the OSSTMM address any of these issues? What improvements would you recommend to better protect this information?
Explanation / Answer
The following steps can be taken to enhance software system security in an enterprise:
1. Separation of duties: We should divide the duties among different teams, and they should be as mutually exclusive as possible, so that whenever there is such an unnoticed or unannounced change in the software, we can see which area of the code was modified and thus know which particular team is to be questioned. This narrows down our search.
2. Security awareness training: Application users should be trained in best practices in order to guarantee the ongoing security of the application. Training can be in the form of an educational email to the users or an outright training program with a technical facilitator.
3. User authentication: Passwords, tokens and biometrics are some authentication tools that can be deployed to improve the security of software applications. This way we can guarantee that only authentic users can log into our system.
4. Audit trails: This means that whenever any user does any activity on the application, it should be recorded somewhere. This way, whenever a user makes any change in the code or does any other activity, we will have the date and time of that activity and also the information about who made that change. Every organization should comply with this requirement.
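The audit-trail point above (and the undocumented changes Mr. Stegner found) can be made concrete with a file-integrity baseline: hash every source file of the financial application once, re-hash it on a schedule, and write who-what-when records for anything that differs. The script below is an added example written for this page, not code from the case study or from any named product; the two C files, the user name "integrity-check" and the temporary directory it writes into are all constructed for the demonstration.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

# Constructed sample source tree standing in for one of the company's C applications.
SAMPLE_FILES = {
    "ledger.c": "int post_entry(int amount) { return amount; }\n",
    "accounts.c": "int balance(int id) { return 0; }\n",
}


def sha256_of(path):
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Map each file under root (path relative to root) to its SHA-256 digest."""
    baseline = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            baseline[os.path.relpath(full, root)] = sha256_of(full)
    return baseline


def compare(baseline, current):
    """Return a sorted list of (path, change) for every file that differs from the baseline."""
    changes = []
    for path in sorted(set(baseline) | set(current)):
        if path not in current:
            changes.append((path, "removed"))
        elif path not in baseline:
            changes.append((path, "added"))
        elif baseline[path] != current[path]:
            changes.append((path, "modified"))
    return changes


def audit_record(path, change, user, when=None):
    """One audit-trail entry answering the three questions the memo asks: who, what, when."""
    when = when or datetime.now(timezone.utc)
    return {"time": when.isoformat(), "user": user, "file": path, "change": change}


def append_audit_log(log_path, records):
    """Append records as JSON lines; an append-only log is easier to protect and to review."""
    with open(log_path, "a", encoding="utf-8") as f:
        for record in records:
            f.write(json.dumps(record) + "\n")


def demo():
    """Build the constructed tree, take a baseline, make an undocumented edit, and report it."""
    root = tempfile.mkdtemp(prefix="rocco_demo_")
    for name, body in SAMPLE_FILES.items():
        with open(os.path.join(root, name), "w", encoding="utf-8") as f:
            f.write(body)
    baseline = build_baseline(root)

    # Simulate what Mr. Stegner found: a change nobody documented, plus a deleted file.
    with open(os.path.join(root, "ledger.c"), "a", encoding="utf-8") as f:
        f.write("int undocumented_change(int a) { return a; }\n")
    os.remove(os.path.join(root, "accounts.c"))

    changes = compare(baseline, build_baseline(root))
    records = [audit_record(p, c, user="integrity-check") for p, c in changes]
    append_audit_log(os.path.join(root, "audit.log"), records)
    return changes


if __name__ == "__main__":
    for path, change in demo():
        print(f"{change:9s} {path}")
```

In practice the baseline and the audit log would live somewhere the application's developers cannot write to (that is the separation-of-duties point), and the "user" field would come from the version-control or deployment system rather than the checker itself; the value of the check is that a modification with no matching entry in the change log is now visible instead of being discovered months later.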