A Study on IT Security Control by Comparison of Secure Software Development Process

Rijayanti, Rita; Hendayun, Mokhamad; Suharto, Toto; Hwang, Min‐Shiang

doi:10.1007/978-981-15-1465-4_54

Cited by 2 publications

(6 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Monitoring applications are commonly developed to monitor or detect development problems [5]. One of the approaches in monitoring applications for software development in terms of handling projects is by automatically extracting process definition in the form of constraint (i.e., Jira tracing tools) which generate mining reports for different types of issues across projects and at different times.…”

Section: Monitoring Applicationmentioning

confidence: 99%

“…Integrating risk management in SDLC and applying risk management to the application of SDLC are unceasing issues [5]. Predominantly, the integration between risk management and software models is conducted in a rapid application concept instead of a full development process, for example, SDLC [8][9][10].…”

Section: Secure Software Developmentmentioning

confidence: 99%

“…On top of that, developers need to create a rulebased access control policy model to build secure code [11]. Further, the close resemblance to the developed monitoring application has been discussed in [5], in which the integrating risk assessment and threat modelling within the SDLC for a software defect are identified and detected during the development life cycle.…”

Section: Secure Software Developmentmentioning

confidence: 99%

“…1] illustrates relationship mapping of software development, touchpoints for secure software, and the NIST SP 800-30 risk management, which has security control outputs in the context of a work procedure form. Combining these three methods provides better results in developing secure software controls as there is a stage that exists in touchpoints for secure software that does not exist in NIST SP 800-30 risk management and vice versa, which balances each other [5].…”

Section: Procedures Mapping For the Secure Software Developmentmentioning

confidence: 99%

“…In other words, until the stages of the development process are done or deployed. Furthermore, the whole stages of software development are related to secure software development process which are based on the mapping result of software development life cycle, secure software development, as well as risk management methods conducted in previous studies [5].…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

Monitoring Application for the Secure Software Development based on Risk Assessment Model

Rijayanti¹,

Hwang²

2022

APJCRI

View full text Add to dashboard Cite

The development of software in a wide range of remote locations by large developers generates problems, in which a number of bugs or errors appear after deployment. Therefore, the solution is developing a monitoring application based on secure software development and risk assessment concept on Software Development Life Cycle (SDLC). The developed concept is based on mapping result of touchpoints for secure software, and NIST SP 800-30 for risk management in each stage of SDLC. The measures particularly support developer teams in remote distributed environments. The focus is on the risk assessment performed during the stage of initialization to implementation. In addition, according to the mapping results as well as business process analysis, there are five main functions related to this study, including creating projects, designing process, developing process, testing process, and deployment. Additionally, a web-based monitoring application is implemented to secure the software development process based on security control procedures at each stage, and developed using PHP programming languages and MySQL for a database. Moreover, the application is triggered by five parameters: software type development, tools, database structures, module names, and errorrelated problems. From these parameters, the risks could be discovered and subsequently categorized into four types of risk, such as low, medium, high, and critical, based on the impact of each risk. The results signify that the number of supports significantly decreased by 80%. Correspondingly, this application is expected to support secure software development as well as provide efficient treatment for possible errors and security risks.

show abstract

Section: Monitoring Applicationmentioning

confidence: 99%