System & Application Development - Coggle Diagram
System & Application Development
Objective
Study the various security aspects and the related controls in information system development.
Topics
Complexity of functionality
data
database management security
systems development life cycle
application development methodology
software change control
malicious code
Information Security and the Life Cycle Model
The earlier a component is introduced into the development process, the better its chance of success; information security is no different.
Information security controls should be built into every phase: conception, development, implementation, testing, and maintenance.
Information security controls should be considered as early as the feasibility phase.
Testing Issues
Testing of the software modules or unit testing should be addressed when the modules are being designed.
Personnel SEPARATE from the programmers should conduct this testing.
Testing should exercise modules with normal, valid input data, and also with incorrect types, out-of-range values, and other boundary conditions.
Test data should therefore include normal values, out-of-range values, and values of the wrong type.
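The three input classes the outline names (valid, out of range, wrong type) as a runnable unit-test set. This is an added example, not part of the Coggle diagram; the module under test (`parse_port`) and its validation rules are assumptions chosen for illustration.

```python
# Added example (not from the Coggle diagram): unit-testing a module with
# normal, out-of-range, and wrong-type input. The module under test
# (parse_port) and its validation rules are assumptions for illustration.
from typing import Any

PORT_MIN, PORT_MAX = 1, 65535


def parse_port(value: Any) -> int:
    """Convert an untrusted value into a TCP/UDP port number.

    Rejects non-integer types (bool included, since bool is an int subclass),
    strings that are not ASCII decimal digits, and values outside 1..65535.
    """
    if isinstance(value, bool):
        raise TypeError("boolean is not a port number")
    if isinstance(value, str):
        # isascii() keeps out Unicode digits such as superscripts that
        # isdigit() accepts but int() rejects.
        if not (value.isascii() and value.isdigit()):
            raise ValueError(f"not a decimal port: {value!r}")
        value = int(value)
    if not isinstance(value, int):
        raise TypeError(f"unsupported type: {type(value).__name__}")
    if not PORT_MIN <= value <= PORT_MAX:
        raise ValueError(f"port out of range: {value}")
    return value


# Constructed test vectors covering the three classes the outline calls for.
VALID_CASES = {"80": 80, 443: 443, "65535": 65535, 1: 1}
OUT_OF_RANGE = [0, 65536, -1, "0", "70000", 2 ** 31]
WRONG_TYPE = [None, 3.14, True, b"80", [80], {"port": 80}]


def run_unit_tests() -> dict:
    """Run every case and return a count per class.

    Raises AssertionError on any deviation, so the call can be used as a
    gate in a build pipeline rather than only read by a human.
    """
    for given, expected in VALID_CASES.items():
        assert parse_port(given) == expected, given
    for given in OUT_OF_RANGE:
        try:
            parse_port(given)
        except ValueError:
            pass
        else:
            raise AssertionError(f"accepted out-of-range value {given!r}")
    for given in WRONG_TYPE:
        try:
            parse_port(given)
        except TypeError:
            pass
        else:
            raise AssertionError(f"accepted wrong-type value {given!r}")
    return {
        "valid": len(VALID_CASES),
        "out_of_range": len(OUT_OF_RANGE),
        "wrong_type": len(WRONG_TYPE),
    }


if __name__ == "__main__":
    print(run_unit_tests())
```

The wrong-type list deliberately includes `True`, because in Python a boolean passes an `isinstance(x, int)` check; a test set written only from the module's happy path would never catch that.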
Software maintenance phase
Request Control
Control over user requests for changes
Covers: prioritising requests, estimating the cost of the fix or change, validating the user interface with the user
Change Control
Issues handled include: reproducing the problem, analysing the problem, making the fix or change, testing, quality control
Other considerations: documenting the fix, whether other related modules are affected, re-accreditation and re-certification
Release Control
What (which modules) finally goes into the released software version
Archiving the software release
User acceptance testing
Distributing the new software release
Configuration management
Application Controls
Application Control Types
Preventive
Detective
Corrective
The goal is to enforce the organization's security policy and procedures and to maintain confidentiality, integrity, and availability.
Users running applications depend on the availability of the system.
A service level agreement (SLA) guarantees the quality of a service that a provider, such as an ISP, delivers to a subscriber.
Aggregation
Def: the act of combining information from separate sources.
The combination forms new information that the subject does not have the necessary rights to access.
The combined information has a sensitivity greater than that of the individual parts.
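A control that applies this definition: label each column on its own, add rules for combinations whose joint sensitivity is higher than any member, and check a subject's clearance against the label of everything they would have seen together. This is an added example, not part of the Coggle diagram; the column labels, combination rules, clearance levels and the `AggregationMonitor` class are assumptions chosen for illustration.

```python
# Added example (not from the Coggle diagram): an aggregation check.
# Column labels, combination rules and the clearance ordering below are
# assumptions chosen for illustration.

LEVELS = {"PUBLIC": 0, "INTERNAL": 1, "CONFIDENTIAL": 2, "SECRET": 3}

# Sensitivity of each column taken on its own (assumed).
COLUMN_LABEL = {
    "employee_name": "PUBLIC",
    "department": "PUBLIC",
    "home_city": "INTERNAL",
    "salary_band": "INTERNAL",
    "performance_rating": "INTERNAL",
}

# Combinations whose joint sensitivity exceeds every member's own label
# (assumed). Key: set of columns; value: label of the combined result.
AGGREGATION_RULES = {
    frozenset({"employee_name", "salary_band"}): "CONFIDENTIAL",
    frozenset({"employee_name", "performance_rating"}): "CONFIDENTIAL",
    frozenset({"department", "salary_band", "performance_rating"}): "SECRET",
}


def classify(columns) -> str:
    """Return the label of a result that exposes `columns` together.

    The label is the highest of (a) each column's own label and (b) every
    aggregation rule whose column set is contained in the request.
    """
    requested = frozenset(columns)
    if not requested:
        return "PUBLIC"
    unknown = requested - COLUMN_LABEL.keys()
    if unknown:
        # Fail closed: an unlabelled column cannot be released.
        raise KeyError(f"unlabelled columns: {sorted(unknown)}")
    level = max(LEVELS[COLUMN_LABEL[c]] for c in requested)
    for rule_cols, rule_label in AGGREGATION_RULES.items():
        if rule_cols <= requested:
            level = max(level, LEVELS[rule_label])
    return next(name for name, n in LEVELS.items() if n == level)


def is_permitted(subject_clearance: str, columns) -> bool:
    """True if the subject's clearance dominates the combined label."""
    return LEVELS[subject_clearance] >= LEVELS[classify(columns)]


class AggregationMonitor:
    """Remembers what each subject has already been given, so the same
    combination cannot be assembled across several individually-permitted
    requests (aggregation over time, not just within one query)."""

    def __init__(self):
        self._released = {}  # subject -> set of columns already released

    def request(self, subject: str, clearance: str, columns) -> bool:
        seen = self._released.setdefault(subject, set())
        combined = seen | set(columns)
        if not is_permitted(clearance, combined):
            return False
        seen.update(columns)
        return True


if __name__ == "__main__":
    mon = AggregationMonitor()
    # Each request alone is INTERNAL at most; together they are CONFIDENTIAL.
    print(mon.request("alice", "INTERNAL", ["employee_name"]))   # True
    print(mon.request("alice", "INTERNAL", ["salary_band"]))     # False
```

The monitor is what makes this an aggregation control rather than a plain column-level access check: the second request from alice would pass a per-query check, because `salary_band` alone is only INTERNAL, but together with the name she already holds it forms the CONFIDENTIAL combination.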