Computer Science Homework Help

CS S321 Colorado Technical University Online 1 Security Development Model

Get Your Custom Essay Written From Scratch
We have worked on a similar problem. If you need help click order now button and submit your assignment instructions.
Just from $13/Page
Order Now

Assignment Description

Throughout
this course you will be working on several aspects of software
assurance and the security development life cycle (SDLC), which will
result in a complete software assurance guidelines document for a
company of your choosing. Software assurance promotes standards,
processes, tools, and techniques to produce software with a reduced risk
of security breaches.

Each week, you will complete a part of the software assurance
guidelines document. The final draft is due at the end of the course.
Here is a brief introduction to the work of each week:

  • In Week 1, you will select an organization as the target for your
    software assurance guidelines document. Use the provided outlines to
    create the document shell. Then, complete the first two sections of the
    document, which are Project Outline and Security in the Development Life
    Cycle.
  • In Week 2, complete the Software Assurance Techniques
    section. This is based on the company introduction in first two sections
    in Week1 and continues to discuss the guidelines for software assurance
    techniques as applied to the applications being developed by the
    company.
  • In Week 3, complete the Security in Nontraditional
    Development Models section. In this section, besides the guidelines you
    provided in Week 2, you will provide guidance to the company when it is
    using nontraditional development models to ensure that it follows
    processes and policies that will minimize the threat of security
    problems.
  • In Week 4, complete the Security Static Analysis section.
    In this section, you will identify and apply some tools commonly used to
    examine code to determine the level of security and to identify areas
    where security may be weak or missing.
  • In Week 5, complete the Software Assurance Policies and
    Processes section and finalize the entire document. These policies and
    procedures will be instrumental in the ongoing value of software
    assurance in your company.

You will select an organization, and apply your research to the
analysis and development of software assurance policies and processes
that would be appropriate for the organization and the software
applications they produce for the government. Additional information and
the deliverables for each Individual Project will be provided in the
assignment description for the project. This is the course’s Key
Assignment, which you will make contributions to each week.

Project Selection:

The first step will be to select an organization as the target
for your software assurance guidelines document. This organization will
be used as the basis for each of the assignments throughout the course
and should conform to the following guidelines:

  • Nontrivial: The selected organization should be
    large enough to allow reasonable exercise of the software assurance
    guidelines planning process.
  • Domain Knowledge: You should be familiar
    enough with the organization to allow you to focus on the planning tasks
    without significant time required for domain education.
  • Accessibility: You should have access to the
    people and other information related to the organization. This will be
    an important part of the planning process.

The selected organization may already have software assurance
guidelines in place and still be used as the basis for the projects in
this course. The selected organization must produce software
applications for the government, and is therefore subject to software
assurance requirements. It is understood that such an organization may
not be readily accessible. Therefore, you may feel free to identify a
hypothetical organization that meets the requirements. Any necessary
assumptions may be made to fulfill the requirements of organization
selection.

Select an existing organization, or identify a hypothetical
organization that fits the requirements listed above. Submit your
proposal to your instructor before proceeding further with the
assignments in the course. Approval should be sought within the first
several days of the course. After approved, continue to complete the Week 1 assignment described below and submit it.

Assignment:

For the assignments in this course, you will not be implementing any
software assurance policies or procedures. You will be developing a
comprehensive software assurance guidelines document. Your first task in
this process will be to select an organization (or identify a
hypothetical organization) to use as the basis of your projects. You
will also create the shell document for the final project deliverable
that you will be working on during each unit. As you proceed through
each project phase, you will add content to each section of the final
document to gradually complete the final project deliverable.
Appropriate research should be conducted to support the development of
your guideline document, and assumptions may be made when necessary.

The project deliverables are the following:

  • Submit your organization proposal to instructor for approval.
  • Create a software assurance guidelines document shell in Word. It should include the following:
    • Create a title page
      • Course number and name
      • Project name
      • Student name
      • Date
    • Table of contents (TOC)
      • Use autogenerated TOC
      • Separate page
      • Maximum of 3 levels deep
      • Update the TOC before submitting your project
    • Section headings (create each heading on a new page with “TBD” as content, except for sections listed under New Content below)
      • Project Outline
      • Security in the Development Life Cycle
      • Software Assurance Techniques
      • Security in Nontraditional Development Models
      • Security Static Analysis
      • Software Assurance Policies and Processes
    • New Content
      • Project outline and requirements
        • Brief description of the organization (can be hypothetical) and where the guidelines will be implemented
        • Company size, location(s), and other pertinent information
        • List of the software applications provided by the company for the government
          • The software list must include at least 1 desktop and 1 Web application.
          • A database must be used with one of the applications.
        • A summary of the software development organization within the
          company, employees and reporting structure, systems and technologies
          used for software development, testing, source control, and document
          storage

          • Material can be taken from the approved proposal that was submitted
            to the instructor (ensure that this project is approved by the
            instructor).
      • Security in the development life cycle
        • Provide an outline of the SDLC model that is used in your organization, including each of the major phases.
        • This should be a traditional SDLC. Extended models, such extreme programming, will be covered in a later section.
        • Identify specific components of the security development model that can be applied to each of the phases of your SDLC model.
        • For each pairing of security development model component to
          SDLC model phase, describe how the security model is applied and the
          major tasks that are involved.
  • Name the document “yourname_CSS321_IP1.doc.”
  • Submit the document for grading