PricingBlogAbout Us

Software Development Report: SAMM, Business Functions, and Security

Verified

Added on  2022/09/02

|11
|1871
|17
Report
AI Summary
This report delves into the Software Assurance Maturity Model (SAMM) and its application within various business functions, particularly focusing on the role of a software developer within the Ministry of Education. It outlines how SAMM helps organizations implement a security strategy to mitigate risks associated with software development, emphasizing the importance of protecting sensitive information. The report explores the different business functions, including governance, construction, verification, and deployment, with a detailed examination of the governance function. It highlights the three crucial security practices within governance: strategy and metrics, policy and compliance, and education and guidance. The report explains how these practices are implemented to ensure security in software development, especially in the context of the Ministry of Education, which necessitates robust security measures for its operational activities. It also discusses the importance of aligning security goals with organizational objectives and the role of education and training in enhancing security awareness and improving business outcomes.
Document Page
Running head: SOFTWARE DEVELOPMENT
Business function
Name of the Student
Name of the University
Author’s Note
tabler-icon-diamond-filled.svg

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
1
SOFTWARE DEVELOPMENT
Table of Contents
Introduction................................................................................................................................2
Discussion..................................................................................................................................2
Description of SAMM............................................................................................................2
Defining various business functions......................................................................................3
Software developer oriented business functions....................................................................3
Governance........................................................................................................................4
Different security practices of business functions.............................................................4
Conclusion..................................................................................................................................5
References..................................................................................................................................7
Document Page
2
SOFTWARE DEVELOPMENT
Introduction
The SAMM presents the software assurance maturity model which is considered as
open type of framework helping the organizations for implementing a security strategy that
involves in a mitigation of particular risk faced by most of the organizations. Each of the
organization has a software development area and in this area, there exists a huge range of
sensitive information (Barclay 2014). To protect the organizational information, there must
be implemented a security policy by which the organizations can utilize the benefits of
software development without any tension. There consists various business functions and
within all business functions, software development is mandatory for all. Here, the job role is
related with the software developer at ministry of education. This job role is based on the job
function of governance (Le and Hoang 2016). Here, this report follows how the security
practice is implemented in the business function of governance.
Discussion
Description of SAMM
SAMM is mainly categorised as a framework that helps to the organizations for
formulating as well as implementing a security strategy which involves in the processing of
mitigation of such particular risks facing by most of the business organizations (Jaatun et al.
2015). Few resources are required to build this software security model and these resources
are such as evaluation of organizational existing software for implementing security practices
as well as building of a software security related programs within a set of iterations,
demonstration of improvement strategy for security program and also definition or
measurement of the security activities throughout the organization.

This is a preview!

Do you want full access?

icon

Trusted by 1+ million students worldwide

Document Page
3
SOFTWARE DEVELOPMENT
Defining various business functions
This model is mainly developed for maintaining the business functions in which the
software development is an obvious thing (Kulenovic and Donko 2014). Moreover, in the
software development, it must implement the security practices for managing their sensitive
information. In the field of software development, the security assurance maturity model is
necessary for curing the software related risks. The software development is occurred in
various business functions including governance, construction as well as verification and also
deployment (Sjelin and White 2017). The governance is based on such processes which is
based on the activities of managing software development related activities by organizations.
This section is mainly related with the limitation that are required to be maintained by the
organizations in the case of software development. After the first function of governance, the
second step is the construction stage in which the organization outlines its goals and based on
the business objectives, the software development is processed.
Fig: Business functions of SAMM
tabler-icon-diamond-filled.svg

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
4
SOFTWARE DEVELOPMENT
This stage mainly comprises the steps including design as well as architecture and
also implementation. After this function, the third function is the verification phase in which
the development progress of the software is checked whether it is correct or not. In this stage,
the coding of the software implementation is reviewed and the security is tested (Much
2016). While all of these are done, the last function occurs that is known as deployment
function in which the organization releases the software and applying in such activities and
observes the running time or normal operations of the software.
Software developer oriented business functions
As a software developer, it requires to follow the security assurance maturity model
for assisting the security in the software. In the section of the ministry of education, there
happens a variety of software development process and in that case, the software developer
must maintain the security model for managing the sensitive data or organizational progress.
At that time, the software developer must implement the first business function regarding the
governance among four business functions (Ormrod and Turnbull 2016). In the phase of
governance, the software developer must follow the important three steps including strategy
and metrics, policy and compliance and also education and guidance.
Governance
The strategy and metrics includes a framework which contains few strategies related
with the software implementation in order to reach to the organizational goal. After that, it
comes to the second step that is considered as policy and compliance which contains the
policies of the security assurance related programs and during the time of software
development, the organization needs to follow those policies for security purposes. Within
this phase, the software developer must maintain the third step that is mentioned as education
and also guidance the software developer must know about the guidance of the security
programs and also provide the training to the others (Wood and Vickers 2018).
Document Page
5
SOFTWARE DEVELOPMENT
Fundamentally, this step is used to increase the knowledge regarding the security programs of
the software development.
Fig: Security practices of Governance
Different security practices of business functions
As discussed about the job role of software developer in the field ministry of
education, therefore in that case, it orients with the business function of governance.
Fundamentally, the ministry of education is one kind of public service department which
relates with the educational industry. In this sector, the main operational activities are to
establish various policies as well as plans for the educational sector, taking the charge of the
planning or coordinate the education at the different levels and also promote the development
of the education along with providing the guidance for monitoring all of the actions over the
educational industry (Seago 2017). To conduct all of the operational activities, it requires to
develop the security in the software development. To relate this job role, the security
assurance model must follow the business function of governance. As discussed in previous
section, there are three different security practices within this business function of
governance.
Strategy and metrics – To promote the development of the security assurance model,
the strategy and matrices is a framework for the construction of security model. The purpose

This is a preview!

Do you want full access?

icon

Trusted by 1+ million students worldwide

Document Page
6
Strategy and metrics
Measure and improve
Create and promote
SOFTWARE DEVELOPMENT
of this step is to define the security goals that are considered as the measurable items and also
aligned with the organizational business risks (Morrison 2015). In the advanced levels of this
security practices, the organization collects various data sources of internally or externally as
well as metrics and also feedback of this security program. This helps to enhance the
understanding of the benefits of this security model.
Policy and compliances – This stage is based on such legal or regulatory requirements of the
security standards for ensure compliance that is aligned with the business purpose. This
practice involves the organizational understanding in both of the internal as well as external
security drivers involving with the maintenance of the security model with the project team.
tabler-icon-diamond-filled.svg

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
7
Policy and compliances
Policy standards Compliance management
Education and guidance
Training and awareness Organization and culture
SOFTWARE DEVELOPMENT
Education and guidance – This step generally defines the guidance for handling the security
throughout the lifecycle of the software. Through this practice, mostly the proper training is
provided to the employees for handling the security in the development of the software.
Moreover, the training also helps to enhance the business improvement.
Conclusion
The security model is referred as the framework which is applicable for the
organisations to provide the proper security to the development process of the software. This
Document Page
8
SOFTWARE DEVELOPMENT
report relates with the job role of software developer in the field of ministry of education. In
that case, the software requires to follow this security model for providing the security. This
security model contains such four phases and this phases are based on the overall process of
the security model development. This report represents the four stages including governance,
construction as well as verification and also deployment. This security model is too much
necessary for security purposes of the sensitive information that are existing in software of
the organizations.

This is a preview!

Do you want full access?

icon

Trusted by 1+ million students worldwide

Document Page
9
SOFTWARE DEVELOPMENT
References
Barclay, C., 2014, June. Sustainable security advantage in a changing environment: The
Cybersecurity Capability Maturity Model (CM 2). In Proceedings of the 2014 ITU
kaleidoscope academic conference: Living in a converged world-Impossible without
standards? (pp. 275-282). IEEE.
Jaatun, M.G., Cruzes, D.S., Bernsmed, K., Tøndel, I.A. and Røstad, L., 2015, September.
Software security maturity in public organisations. In International Conference on
Information Security (pp. 120-138). Springer, Cham.
Kulenovic, M. and Donko, D., 2014, May. A survey of static code analysis methods for
security vulnerabilities detection. In 2014 37th International Convention on Information and
Communication Technology, Electronics and Microelectronics (MIPRO) (pp. 1381-1386).
IEEE.
Le, N.T. and Hoang, D.B., 2016, December. Can maturity models support cyber security?.
In 2016 IEEE 35th international performance computing and communications conference
(IPCCC) (pp. 1-7). IEEE.
Morrison, P., 2015, May. A security practices evaluation framework. In 2015 IEEE/ACM
37th IEEE International Conference on Software Engineering (Vol. 2, pp. 935-938). IEEE.
Much, A., 2016. Automotive security: challenges, standards and solutions. Softw. Qual.
Prof, 18(4), pp.4-12.
Ormrod, D. and Turnbull, B., 2016. The Military Cyber-Maturity Model: Preparing Modern
Cyber-Enabled Military Forces for Future Conflicts. In 11th International Conference on
Cyber Warfare and Security: ICCWS2016 (p. 261).
tabler-icon-diamond-filled.svg

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
10
SOFTWARE DEVELOPMENT
Seago, J., 2017. Climbing the scale: many internal audit departments are turning to maturity
models to deliver opinions about organizational performance. Internal Auditor, 74(2), pp.38-
44.
Sjelin, N. and White, G., 2017. The Community Cyber Security Maturity Model. In Cyber-
Physical Security (pp. 161-183). Springer, Cham.
Wood, P.B. and Vickers, D., 2018, March. Anticipated impact of the capability maturity
model integration (CMMI®) v2. 0 on aerospace systems safety and security. In 2018 IEEE
Aerospace Conference (pp. 1-11). IEEE.
chevron_up_icon
1 out of 11
circle_padding
hide_on_mobile
zoom_out_icon
logo.png

Your All-in-One AI-Powered Toolkit for Academic Success.

  +13062052269
info@desklib.com

Available 24*7 on WhatsApp / Email

[object Object]
Unlock your academic potential

Copyright © 2020–2025 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.