SP20 OL Sys & Infrast Lifecycle Mngt

Information Technology Audit and Cybersecurity, Temple University

Sys & Infrast Lifecycle Mngt 1

MIS 5203.701 ■ Spring 2020 ■ Brian Green, MS

9 – Software

From CISA:

3.1.1. IS Auditor’s Role in SDLC Project Management
3.1.2. Software Development Methods
3.1.2.1. Prototyping
3.1.2.2. Rapid Application Development
3.1.2.3. Agile Development
3.1.2.4. Object Oriented System Development
3.1.2.5. Component Based Development
3.1.2.6. Web Based Application Development
3.1.2.7. Software Reengineering
3.1.2.8. Reverse Engineering
3.1.2.9. DevOps
3.1.2.10. Business Process Reengineering and Process Change
3.1.2.10.1. Benchmarking Process
3.1.2.10.2. IS Auditors Role in Business Process Reengineering
3.1.3. System Development Tools and Productivity Aids
3.1.3.1. Computer Aided Software Engineering
3.1.3.2. Code Generators
3.1.3.3. Fourth Generation Languages
3.1.3.3.1. Query and Report Generators
3.1.3.3.2. Embedded Databases
3.1.3.3.3. Relational Databases
3.1.3.3.4. Application Generators
3.1.3.3.5. Characteristics:
3.1.3.3.5.1. Nonprocedural
3.1.3.3.5.2. Environmental Independence
3.1.3.3.5.3. Software Facilities
3.1.3.3.5.4. Programmer Workbench Concepts
3.1.3.3.5.5. Simple Language Subsets
3.2. Control Identification and Design
3.2.1. Input/Origination Controls
3.2.1.1. Input Authorization
3.2.1.2. Batch Controls and Balancing
3.2.1.3. Error Reporting and Handling
3.2.2. Processing Procedures and Controls
3.2.2.1. Data Validation and Editing Procedures
3.2.2.2. Processing Controls
3.2.2.3. Data File Control Procedures
3.2.3. Output Controls
3.2.4. Application Controls
3.2.4.1. IS Auditor’s Role in Reviewing Application Controls
3.2.5. User Procedures3.1. System Development Methodologies
3.1.1. SDLC Phases
3.1.1.1. Implementation
3.1.1.1.1. Configuration
3.1.1.1.2. Development
3.1.1.1.2.1. Programming Methods and Techniques
3.1.1.1.2.2. Integrated Development Environment
3.1.1.1.2.3. Programming Languages
3.1.1.1.2.4. Program Debugging
3.1.1.2. Testing and Implementation
3.1.1.3. Post Implementation Review

From Secure Software Design

1.5. Procedural Security
1.6. Modular Programming
1.7. Sensitive Data Mapping
1.8. Reducing the System Attack Surface

In this unit, plan to:

  • Participate in the class discussion thread
  • Read the assigned topics in CISA
  • Read selected readings in Secure Software Design