Software Security Capability: Report for University Course
Added on 2022/11/16
AI Summary
This report provides a comprehensive overview of building a software security capability. It begins by emphasizing the importance of security assurance, detailing its implementation within a business context, including sharing knowledge, integrating skilled personnel, and adopting software security practices. The report then explores security investment decision dashboards and their role in the software lifecycle, covering design, development, build and test, and deployment phases. It identifies major factors impacting software security, such as data breaches and identity theft. The report also discusses risk management frameworks, business cases, and their interrelation in mitigating risks and enhancing project performance. Furthermore, it delves into application security practices, the vulnerabilities of applications, and the benefits of establishing an application security practice. The report concludes by outlining the key steps for application inventory, providing a structured approach to managing and securing software assets.

Running head: BUILDING A SOFTWARE SECURITY CAPABILITY
BUILDING A SOFTWARE SECURITY CAPABILITY
Name of the Student
Name of the University
Author Note
Question 1:
Security is focused on providing better services to the customer. It is important to include proper knowledge of security assurance so that it can help protect the business. The ways in which security assurance can be implemented within the business are described below:
1. By learning about security assurance and sharing that knowledge with the other members
2. By introducing new people who have more knowledge of security
3. Software security practices offer better results for the business cases
4. It offers high savings by decreasing operational costs
5. New applications are developed to meet the needs of the business cases
6. SSID will ensure better performance quickly and will increase the benefits
7. There is a need for effective technical skills that will help in analyzing the knowledge
8. The security concept will help to maintain proper consistency throughout the development process
Question 2:
The security investment decision dashboard is one of the important factors that ensure better
performance throughout the software lifecycle. Thus, while developing an application, it becomes
essential to focus on the major phases. The major phases associated with the security
investment decision dashboard include the design phase and the development phase, where the software
is checked during the coding period. The next phase that is important for the development of
software and an application is the build and test phase, which tests for errors and security
concerns associated with the software process. The deployment phase is also considered one
of the crucial phases, as it helps in configuring the infrastructure for implementing proper
applications. Thus it can be stated that with the help of these steps it becomes easy to manage
security within the application.
Question 3:
There are several categories on which security is assessed. According to Mead et al., it becomes essential to work based on these criteria, and the major factors impacting the security of software include data breach, identity theft, loss of system control, critical infrastructure disruption and website defacement. These are the major reasons behind impacts on the infrastructure. After analyzing the concepts it can be stated that these are the only factors that impact the performance of software.
Question 4:
The security investment decision dashboard is used to provide a better valuation and comparison scale that will evaluate the candidate’s security investment. It is implemented to protect software from possible vulnerabilities and threats. With the help of the security investment decision dashboard it becomes easy to manage the security challenges that are likely to arise with newly developed applications and software.
Question 5:
A risk management framework refers to a structured process used to identify the potential threats that an organization is likely to face. With the help of a risk management process it becomes easy to mitigate the impacts that the risks are likely to create. The 5 activity stages associated with the risk management framework are as follows:
1. Categorizing the information system
2. Selecting the security controls
3. Implementing security controls
4. Assessing security controls
5. Authorizing the information system and monitoring the security controls
Question 6:
A business case refers to the concept of capturing the reasoning behind initiating a project. The main reason for creating a business case is that it helps at the time of decision making. The risk management framework, on the other hand, is mainly used to mitigate possible risks. With the help of the risk management framework it becomes easy to enhance the performance of a business case or project. A business case includes the analysis process that is used to address the risks. Thus it can be stated that the risk management framework and the business case are related to each other, as together they help in fulfilling the business requirements.
Question 7:
An application security practice refers to an internal or external centre of excellence that improves and assesses the security associated with a particular application. Security is mainly considered in terms of operational issues, management issues and network issues. Considering the X-Force 2011 trend report, it has been observed, regarding vulnerabilities in JavaScript, that around 40% of 678 Fortune 500 and other popular websites faced client-side vulnerabilities. Apart from this, in the year 2011 there were around 535 cases of data breaches involving around 30.4 million records. Thus there is a strong need for proper application security that will ensure better safety for data and applications.
Question 8:
The main reason applications are a major attack destination is that they have become the easiest way. Nowadays a lot of applications are being developed to manage activities. Thus it becomes essential to focus on security aspects. A developed application is more vulnerable to risks due to security weaknesses. The four main types of vulnerability are:
Physical vulnerability may be determined by aspects such as population density levels, remoteness of a settlement, the site, design and materials used for critical infrastructure and for housing (UNISDR).
Question 9:
The major benefit of creating an application security practice is that it helps in saving
costs from multiple avenues by decreasing remediation costs, decreasing the likelihood of
vulnerability exploitation and simplifying reporting and compliance. In addition, it also
helps in increasing the positivity for visualizing the resources. The practice also ensures that the
gravity for expertise has also increased and hence it ensures better performance. Apart from this,
creating a practice makes it easy to provide full life cycle engagement, ensures
that premium services are provided along with resource returns and offers a constant demand for
trained resources.
Question 10:
The main steps that are important for application inventory are described below:
1. Outlining the scope for inventory
2. Identifying the providers of insight within the scope
3. Populating the inventory with proper demographic data
4. Highlighting the application lifecycle phase
5. Describing the application architecture
Bibliography
RSA Conference 2012 - How to Create a Software Security Practice - Ryan Berg & Jack Danahy. (2019). Retrieved 18 July 2019, from https://www.youtube.com/watch?v=RMaHEpPxeVM





