Describe 2 systems you developed and document what you did during the analysis, design, and implementation phases? Be specific, this question is worth 12 points. What happens if you jump too quickly to the design phase?
Information Security in the Systems Development Life Cycle
Planning:
During this first phase of the development life cycle, security
considerations are key to diligent and early integration,
thereby ensuring that threats, requirements, and potential
constraints in functionality and integration are considered.
At this point, security is looked at more in terms of business
risks with input from the information security office.
For example, an agency may identify a political risk resulting from
a prominent website being modified or made
unavailable during a critical business period, resulting in
decreased trust by citizens.
Key security activities for this phase include:
Initial delineation of business requirements in terms of
confidentiality, integrity, and availability;
Determination of information categorization and identification of
known special handling requirements to transmit, store,
or create information such as personally identifiable information;
and
Determination of any privacy requirements.
Analysis
This section addresses security considerations unique to the
second SDLC phase.
Key security activities for this phase include:
Conduct the risk assessment and use the results to supplement
the baseline security controls;
Analyze security requirements;
Perform functional and security testing;
Prepare initial documents for system certification and
accreditation;
Design
During this phase of SDLC, the security architecture is designed.
Implementation
During this phase, the system will be installed and evaluated in
the organization’s operational environment.
Key security activities for this phase include:
Integrate the information system into its environment;
Plan and conduct system certification activities in synchronization
with testing of security controls; and
Complete system accreditation activities.
Maintenance/Support
In this phase, systems are in place and operating, enhancements
and/or modifications to the system are developed and
tested, and hardware and/or software is added or replaced.
The system is monitored for continued performance in accordance
with security requirements and needed system modifications
are incorporated.
The operational system is periodically assessed to determine how
the system can be made more effective, secure,
and efficient.
Operations continue as long as the system can be effectively
adapted to respond
to an organization’s needs while maintaining an agreed-upon risk
level.
When necessary modifications or changes are identified, the system
may reenter a previous phase of the SDLC.
Key security activities for this phase include:
Conduct an operational readiness review;
Manage the configuration of the system ;
Institute processes and procedures for assured operations and
continuous monitoring of the information system’s
security controls; and
Perform reauthorization as required.
2.SDLC Phases
Planning:
Planning the system requires the user to define what the problem
is.
The planning may also include how the user would like to solve the
problem.
Defining the scope of the problem is also important in this stage
as well.
Defining the scope helps to prevent the project from scope
creep.
Once the problem is determined, and one or more solutions have been
selected, planning to implement the solution begins.
Multiple scenarios may be enacted to determine the best course of
action for implementing the system.
Course of action should be well documented and take into
consideration a schedule showing anticipated start and
completion
times of activities (milestones) leading to the objectives, knowing
expenditures required to achieve objectives,
scheduling regular status reviews (are we on course?), anticipating
any organizational restructuring to accommodate
the objectives, anticipating and planning for mitigation of risks
that may hinder achievements, implementing policies
and procedures for decision making, and defining a standard level
of performance.
Within the planning according to the John Sazinger "five of the
main activities must exist" as he explain in his book
the fives activities should include:
Define the problem
Produce the project schedule
Confirm project feasibility
Staff the project
Launch the project[3]
Why do plans fail? Some of the many reasons are:
Goals/specifications are not understood.
Objectives are too extensive for the time allotted.
Budgets were not accurate.
Project is understaffed or under skilled.
Status reviews were not scheduled or insufficient.
Poor morale (no commitment).
One of the most difficult decisions in planning is to know when
to pull the plug on a project.
This will require an effective control and monitoring system. If
you cannot monitor a system you cannot control it.
No organization wants to admit failure but there may come a point
when a project can no longer be salvaged.
This is especially critical with Information Technology projects
because of rapidly changing technologies.
Most managers are reluctant to prematurely terminate a project as
careers and egos are at stake.
The fallacy of sunk costs may play a role as well. The result is
that projects continue beyond the point of no return.
To avoid this problem, monitor and control systems must be put in
place early during the planning stage.
It is critical to define and enforce milestones where a project
will be terminated if necessary.
A saving grace is that because a project is terminated it doesn't
make it a complete failure.
Excessive cost are saved for the organization and management can
walk away with lessons learned that can be applied
to the next project.
In general there are two types of monitoring "INFORMAL" and
"FORMAL".
Informal are typically general meetings, email, and
observing.
The formal include status reports, scheduled milestones, audits,
reviews, and benchmarks.
The formal reviews are generally more costly and are used during
system development processes.
Both systems can be used in combination and involve the
questions:
"what performance metrics to use" and "how often do reviews
occur"?
Attention and energy must be focused on identifying and correcting
out-of-control processes.
Analysis
The analysis phase involves gathering requirements for the
system.
At this stage, business needs are studied with the intention of
making business processes more efficient.
The system analysis phase focuses on what the system will do in an
effort that views all stakeholders,
as viable sources of information. In the analysis phase, a
significant amount of time is spent talking with
stakeholders and reviewing the stakeholder’s input. Common
stakeholders for IT projects are:
Architecture office
Testing & certification office
Records management team
Application support group
Once stakeholders have been recognized, the gathering and
analysis of the requirements can begin.
Requirement gathering must be related to business needs or
opportunities.
Requirement analysis involves capturing requirements and analyzing
requirements.
Capturing requirements is communicating with stakeholders to agree
on what the requirements are.
Analyzing requirements is using standard tools to produce a
baseline of the requirements.
Once the stakeholders concur on the requirements, the baseline is
created and becomes the formal requirement source.
Within this analysis phase, the analyst is discovering and fact
finding.
Along with meeting with stakeholders,the analyst must meet with end
users to understand what the user's needs are and to
learn about problems that affect the current system in order to
assist with designing a new and more efficient system.
There are several activities that must occur within the analysis
phase:
Gather Information
Define the new system's requirements
Build prototypes for the new system
Prioritize requirements
Evaluate alternatives
Meet with management to discuss new options
Design
The design phase is concerned with the physical construction of
the system.
Included are the design or configuration of the network (hardware,
operating system, programming, etc.),
design of user interfaces (forms, reports, etc.), design of system
interfaces (for communication with other systems),
and security issues. It is important that the proposed design be
tested for performance,
and to ensure that it meets the requirements outlined during the
analysis phase.
In other words, the main objective of this phase is to transform
the previously defined requirements into a complete
and detailed set of specifications which will be used during the
next phase. Some of the activities that need to
take place during the design phase are:
Design the application
Design and integrate the network
Design and integrate the database
Create a contingency plan
Start a Maintenance, Training and Operations plan
Review the design
Articulate the business processes and procedures
Establish a transition strategy
Deliver the System Design Document
Review final design
Implementation
Initiating a project first requires the documenting of needs or
requirements.
Clear objectives should be developed from this study with reasons
for selecting the objectives.
Deliverables then need to be documented along with the project
scope.
Scope can be refined during this initialization process.
Assumptions and constraints should also be documented.
All stakeholders should be involved in this process.
This information will become the projects charter and the basis for
initiating the project.
The project then follows the PLAN-DO CHECK-ACT cycle
(as defined by Shewhart and modified by Deming, in the ASQ
Handbook, American Society for Quality, 1999).
The results of each cycle will be linked to the next as
input.
This process should increase the likelihood of deliverable
acceptance.
In order to achieve deliverable of acceptance and meeting of
objectives, the new system being built must be tested.
Aligned with this, the end users must be fully trained so the
company will benefit from the new system.
There are five activities that must be performed during the
implementation phase:
Construct software components
Verify and test
Convert Data
Training end users and document the system
Install the system
Describe 2 systems you developed and document what you did during the analysis, design, and implementation...
Listed below are the first 2 steps of the software life cycle. Describe what happens during each phase. 1. Analysis and specification of the task 2. Design of the software Listed below are the third and fourth steps of the software life cycle. Describe what happens during each phase. 3. Implementation 4. Testing Listed below are the last 2 steps of the software life cycle. Describe what happens during each phase. 5. Maintenance and evolution of the system 6. Obsolescence
CSCI 359 Systems Analysis and Design Written Assignment #1 Answer each of the following questions for 2 points. Submit all your answers in one file. Question 1: Propose a new meaningful project: give a name, definition and describe its scope as in a scope document (Your project proposals will be circulated in the class for creating new projects and forming project teams by the instructor). Question 2: What are the five phases of the SDLC? Question 3: What is the...
You will conduct a systems analysis project by performing 3 phases of SDLC (planning, analysis and design) for a small (real or imaginary) organization. The actual project implementation is not required (i.e. No coding required.) You need to apply what you have learned in the class and to participate in the team project work. Deliverables This project should follow the main steps of the first three phases of the SDLC (phase 1, 2 and 3). Details description and diagrams should...
During ancient times, when there was no systems of measurement yet developed, how did they measure lengths of objects. What problems did they encountered?
For the assignments in this course you will be developing a comprehensive document entitled Consultant’s Analysis Report on Enterprise Systems. Your first task in this process will be to select a project to use as the basis of your plan. You will also create the shell document for the final project deliverable that you will be working on during each unit. As you proceed through each project week, you will add content to each section of the final document to...
Instructions Throughout the course, you worked on a substantial systems development case project where you worked through the first three phases of the structured systems development. In a professional essay format, concisely address the following: Discuss the three phases of the development methodology as applied to the case project. The goal of this essay is to demonstrate your understanding of the covered systems analysis and design course topics and highlight your overall learning experience. For each phase, demonstrate your understanding...
1. How does polymorphism contribute to the design of object-oriented systems? 2. Explain the role of the vptr and vtable in the implementation of virtual functions. 3. What is a pure virtual function and why would you ever use one? 4. What is the purpose of a virtual destructor? 5. Describe a situation where it makes sense for a class to have a destructor, but no constructor.
1. Describe the 3 phases of interphase and what occurs during each phase? 2. Compare and contrast mitosis and meiosis? 3. What is a phenotypic ratio? 4. What is a genotypic ratio? 5. What is Mendel's law of independent assortment?
1. List the definitions for prehypertension and hypertension 2. Explain physiologically what happens during systolic pressure and diastolic pressure. 3. Discuss what you are listening for during the five phases of blood pressure (describe the Korotkoff sounds) – be descriptive!
Question 2 What is a job analysis? Describe the significance of the job analysis. [15 marks] What is a job design? Discuss the different job designs which can be used in an organisation. [25 marks] Write short notes on the following: a. Job description b. Job specification [10 marks]