Information Systems homework help

Scenario:

FSB is in the process of implementing an ERP solution for administrative process integration. The solution to be implemented will cover all operations (loans, credit cards, mortgages, IRAs, investments, and financial counseling services) together with administrative operations (human resources, finances, plant management, procurements, and asset management, among others). To ensure that a chosen solution meets all technical and security requirements, the CEO asked the CIO and you, as the CISO, to analyze industry solutions and recommend the control criteria that every solution to be developed, whether commercial off-the-shelf (COTS) or in-house development, must meet.

Instructions:

For this assignment, you must develop a diagram and a technical paper, in which you design a control model for secure development.

Your paper should contain the following:

  • Model with a checklist, outline, or flowchart of all the control elements that need to be reviewed when testing a database or application.
  • Checklist must be useful for usability testing, certifying completeness, and compliance as part of the accreditation process.
  • Checklist should contain the criteria to be validated during design, development, and testing. The criteria will eventually become the standards for data and application management for all applications to be updated or developed.
  • Recommendations for data and application control best practices to control risks.
  • Comparison of the waterfall model, spiral model, rapid application development, reuse model, and extreme programming, as strategies for secure software best practices.

Length: 6-8 page technical paper

Resources

Alhaidari, F.A., & Al-Dahasi, E.M. (2019). New approach to determine DDoS attack: Patterns on SCADA system using machine learning.

Grijp, S. (2019, March 4). Designing your organization’s custom COBIT. COBIT Focus, 1–3.

Nicho, M., Khan, S., & Rahman, M. S. M. K. (2017). Managing information security risk using integrated governance risk and compliance.