Impact of Software Development Process

Impact of Software Development Process

Software process can be defined as “a set of activities, methods, practices, and transformations that people use to develop and maintain software and the associated products” . According to IEEE software development process is a process by which user needs are translated into a software product. The process involves translating user needs into software requirements, transforming the software requirements into design, implementing the design in code, testing the code, and sometimes, installing and checking out the software for operational use . Software process used to create software and achieve quality in software products. The main objective of the development of a system is its efficient integration in real-life situations. Various software development methods have been adopted to develop the software products such as: waterfall model, iterative and incremental model, spiral model, V model, rapid application development, prototyping model, agile model, and hybrid spiral model. Some of the most commonly used are waterfall, spiral, V model, and agile model. Software development organizations have realized that adherence to a suitable well defined life cycle model helps to produce good quality products .
Mainly there are four phase of software development; software requirement, software design, software coding/implementation and software testing, which have been used in various models. Each and every phase have an individual impact on software quality attributes. These phase play an important role to improve quality of finished products . A suitable life cycle model can possible be selected based on an analysis of issues such as: characteristics of the software to be developed, characteristics of development team, and characteristics of customer.

There are various issues in traditional software development process. The failure of many software projects in terms of not meeting user/business requirements, prone to errors etc has led to software quality becoming one of the key issues from all stakeholders‟ perspective.  In a competitive environment quality based product is basic need for any product success. To achieve quality, efficient process is required. Activities of software development can be organized in a process, in order to achieve the quality in finished product.
 The main research question of this review article is to find out the impact of software development process on software quality. Software requirement analysis used to collect needs or requirement of software. Requirement analysis is the first step which involves to the quality because this step used to capture all functional and non-functional requirements to be implemented in final product. Software design is next step to derive quality to create complete structure or architecture of software which is stated into requirement specification. Design provides not only to find out how the software product is going to be appear, but also allows both software users and developers to realize how it's going to function. Because design is the only way to completely translate a requirements into a finished product.
After software design software coding/implementation phase is used for implementing the software. Software implementation is based upon programming language. This phase also play an important role because using coding an executable version of software is created. Programming language can impact not only the coding process, but also the properties of the resulting product and its quality. Software testing is conducted when executable software exists. Testing used to find out errors and fix them to support software quality. Testing check what all functions software supposed to do & also check that software is not doing what he not supposed to do.

Read More

Software Development Process

Software Development Process

The software process is an organized set of activities required to develop a software product. Software development is the process of taking a set of requirements from a user, analyzing them, designing a solution to the problem, and then implementing

solution on a computer. International standard ISO/IEC 12207 describe the method of selecting, implementing, and monitoring the life cycle for software. Waterfall model is a traditional model and agile software development is a newest method for software development.
At present software organization shift its focus from product issues to process issues. Sequential process model such as waterfall and V model is linear process model. This is applicable in situation where requirements are well defined, fix, and stable. Incremental process model is iterative in nature and develop working versions of software cleanly. Evolutionary process models use the iterative, incremental nature to implement software product. Evolutionary models such as prototyping and spiral model produce incremental work products rapidly. Agile is a new model for software development which uses iterative and incremental development, less documentation, lightweight, and fewer process controls. It was targeted at small to medium size software projects and smaller teams of developers which develops complete software easily.
Special models contain the component based model that incorporates component reuse and assembly. Formal method model that encompass a mathematical based approach for software development. Aspect oriented model uses crosscutting concerns spanning for system architecture. Unified process is a use case driven, architecture centric, iterative and incremental software process designed for UML methods and tools. Personal and team model have been developed for software process. Both provide planning, measurement, and self direction as key ingredients for successful software process.
Quality of software process affects quality of software product. Quality derived in software product with the help of well defined software process. Software development process model uses software process to develop software product. Waterfall and V model is linear model and most suitable where requirements are well defined and fix. Iterative and incremental model, prototype model, and spiral model works in cycle form and develop software product rapidly. Agile model also uses iterative and incremental nature to develop software product quickly as possible. Component model incorporates reusability and assemble software component easily. Selection of most appropriate process model is important concern to achieve quality which is selected as per software requirement and architecture. 

Read More

Software Quality

Software Quality

According to IEEE Standard Glossary of Software Engineering Terminology Std 610.12-1990 quality is defined as: “the degree to which a system, component, or process meets specified requirements” and “the degree to which a system, component, or process meets customer or user needs or expectations”. Basically software quality defined as: conformance to specification and meeting customer needs. Although there are different definitions, it is often described as the fitness for purpose of software.
One of the challenges of software quality is that everyone feels they understand it. All these ideas and views on quality are used to manage and incorporate the software quality. For quality management various models and standard are develop as per requirement and changing environment. One of the most important

quality model is McCall model which attempts to bridge the gap between users and developers by focusing on a number of software quality factor that reflect users view and the developer priorities. Second basic quality model is Boehm model, addresses the shortcoming of existing models to automatically and quantitatively evaluate the quality of software. Boehm model is a hierarchical quality model which qualitatively defines software quality by a set of attributes and metrics and present structure around high level characteristics, intermediate level characteristics, and primitive characteristics.
ISO 9001 is an international quality management standard applicable to organizations within all type of business and process. ISO has also release ISO 9126 for software product evaluation, quality characteristics, and guidelines for their use standard. Now this standard has been revised by ISO 25010:2011, Systems and software engineering: Systems and software Quality Requirements and Evaluation (SQuaRE). Carnegie Mellon Software Engineering Institute (SEI) developed Capability Maturity Model (CMM) to address issue of software quality from process perspective. CMM is replaced by Capability Maturity Model Integration (CMMI) model which incorporate some CMM models into a wider span. The ISO/IEC 15504: information technology- software process assessment is an international standard framework for process assessment that intends to address all processes involved in development.
Success of software organization completely depends on user who use software and satisfy with software quality. Every software organization wants to develop quality product within given time and cost. To develop quality product first step should be a clear, complete, and precise software requirement. After requirement software design accordingly then software coding is start for executable version of software. Finally testing of software is started to check the software errors and bugs. All this belong to software quality. 

Read More

Data Warehouse control and security

DATA WAREHOUSE CONTROL AND SECURITY

Data Warehouse (DW) is a collection of integrated databases designed to support managerial decision-making and problem-solving functions. It contains both highly detailed and  summarized historical data relating to various categories, subjects or areas. All units of data are relevant to appropriate time horizons. DW is an integral part of enterprise—wide decision support system, does not ordinarily involve data updating. It empowers and end users perform data access and analysis. This eliminates the need for the IS function to perform informational processing from the legacy system for the end-users. It also gives an organization certain competitive advantages, such as: fostering a culture of information sharing; enabling employees to effectively and efficiently solve dynamic organizational problems; minimizing operating costs and maximizing the employee's turnovers.

The security requirements of the DW environments are not unlike those of other distributed computing systems. Thus, having an internal control mechanism to assure the confidentiality, integrity and availability of data in a distributed environment is of paramount importance. Unfortunately, most data warehouses are built with little or no consideration given to security during the development phase. Achieving proactive security requirements of DW there are seven phase processes:

• Identifying the data
• Classifying the data
• Quantifying the value of data
• Identifying data security vulnerabilities
• Identifying data protection measures and their costs
• Selecting cost-effective security measures
• Evaluating the effectiveness of security measures.

These phases are parts of an enterprise—wide vulnerability assessment and management program.

Identifying the Data

The first security task is to identify all digitally-stored corporate data placed in the Data Warehouse. This is an often ignored, but critical phase of meeting the security requirements of the DW environment since it forms the foundation for subsequent phases. It entails taking a complete inventory of all the data that is available to the DW end-users. The installed data monitoring software—an important component of the DW can provide an accurate information about all databases, tables, columns, rows of data and profiles of data residing in the DW environment as well as who is using the data and how often they use the data.

A manual procedure would require preparing a checklist of the same information described above. Whether the required information is gathered through an automated or a manual method, the collected information needs to be organized, documented and retained for the next phase.

Classifying the Data

Classifying all the data in the DW environment is needed to satisfy security requirements for the data confidentiality, integrity and availability in a prudent manner. In some cases, data classification is a legally mandated requirement. Performing this task requires the environment of the data owners, custodians and the end-users. Data is generally classified on the basis of criticality or sensitivity to disclosure, modification and destruction. The sensitivity of corporate data can be classified as least sensitive data, moderately-sensitive data, most sensitive data. Classifying data into different categories is not as easy as it seems.

Quantifying the Data 

In most organizations, senior management demands to see the smoking gun (e.g. Cost vs benefit figures, or hard evidence of committed frauds) before committing corporate funds to support security initiatives. Cynic managers will be quick to point out that they deal with hard reality —not soft variables connected hypothetically. Quantifying the value of sensitive data warranting protective measures is as close to the smoking gun as one can get the trigger senior manager's support and commitment to security initiative in the DW environment.

The quantifying process is primarily concerned about assigning "Street Value" to data grouped under different sensitivity categories. By itself, data has no intrinsic value. However, the definite value of data is often measurable by the cost to

(a) reconstruct lost data

(b) restore the integrity of corrupted, fabricated, or intercepted data

(c) not make timely decision due to denial of service

(d) pay financial liability for public disclosure of confidential data.

The data value may also include lost revenue from leakage of trade secrets to competitors, and advance use of secret financial data by rogue employees in the stock market prior to public-release.

Identifying Data Vulnerabilities 

This phase requires the identification and documentation of vulnerabilities associated with DW environment. Some common vulnerabilities of DW include the following:

• In-built DBMS security
• DBMS limitations
• Inference attacks
• Availability factor
• Human factor
• Inside threats
• Outsider threats 
• Natural factors 
• Utility factors. 

A comprehensive inventory of vulnerabilities inherent in the DW environment need to be documented and organized (e.g. as major or minor) for the next phase. 

ldentifying Protective Measures and Their Cost

Vulnerabilities identified in the previous phase should be considered in order to determine cost-effective protection for the DW data at different sensitivity levels. Some protective measures for the DW data include:

• Human wall
• Access user classification
• Access controls
• Data encryption
• Partitioning
• Development controls.

The estimated costs of each security measure should be determined and documented for the next phase. Measuring the costs usually involves determining the development, implementation and maintenance costs of each security measure.

Selective Cost-Effective Security Measures

All security measures involve expenses, and security; expenses require justification. This phase relies on the results of previous phases to access the fiscal impact of corporate data at risk and select cost-effective security measures to safeguard the data against known vulnerabilities.

However, the cost factor should not be the only criterion for selecting appropriate security measures in DW environment. Compatibility, adaptability and potential impact on the DW performance should also be taken into consideration.

E­valuating the Effectiveness of Security Measures

A winning basketball formula from the John Wooden School of Thought teaches that good team should be prepared to rebound every shot that goes up, even if it is made by the greatest player on the court. Similarly, a winning security strategy is to assume that all security measures are breakable, or not permanently effective. Every time we identify and select cost-effective security measures to secure our strategic information assets against certain attacks, the attackers tend to double their efforts in identifying methods to defeat our implemented security measures.

The best we can do is to prevent this from happening, make the attacks difficult to carryout, or be prepared to rebound quickly if our assets are attacked. We will not be well-positioned to do any of these if we do not evaluate the effectiveness of security measures on an ongoing basis.

Evaluating the effectiveness of security measures should be conducted continuously to determine whether the measures are:

(i)    Small, simple and straightforward

1. Carefully analyzed, tested and verified
2. Used properly and selectively so that they do not exclude legitimate accesses.
3. Elastic so that they can respond effectively to changing security requirements, and
4. Reasonably efficient in terms of time, memory space, and user-centric activities so that they do not adversely affect the protected computing resources. It is equally important to ensure that the DW end-user understand and embrace the propriety of security measures through an effective security awareness program. The data warehouse administrator (DWA) with the delegated authority from senior management is responsible for ensuring the effectiveness of security measures.

The size of historical data in the DW environment grows significantly every year, while the user of the data tends to decrease dramatically. This increase storage, processing and operating costs of the DW annually. It necessitates the periodic phasing out of least and most accessed data over a long time horizon. A prudent decision has to be made as to how long historical data should be kept in the DW environment before they are phased our on mass. The DWA may not meet effectively these challenges without the necessary tools (activity and data monitors), resources (funds and staffing support) and management philosophy (strategic planning and management). For these reasons, the DWA should be a good strategist, an effective communicator and a competent technician. It is generally recognized that the goal of DW is to provide decision-makers access to consistent, reliable and timely data for analytical, planning and assessment purposes in a format that allows for easy retrieval, exploration and analysis. The need for accurate information in the most efficient and effective manner is congruent with the security requirements for data integrity and availability.

Read More

Goals of Security Infrastructure

Goals of Security Infrastructure

The primary goal of a security infrastructure design in the protection of corporate assets. The way we protect these assets is by the proper deployment of security components into an organized and cohesive security infrastructure. Assets may include hardware, software, network components and intellectual property. The controls applied in a protection of these assets should be in line with your corporate security goals as well as your corporate security policy documentation. Though only the protection of data is mentioned, it is implied that in protecting the data and ensuring its availability, the underlying systems and networks are also protected.

Depending upon your chosen data classification scheme, each of the following data protection goals should be approximately represented and weighted accordingly:

• Data confidentiality
• Data integrity
• Data availability.

When designing a security infrastructure, target your applications for the best results. Your applications are the closest things to your data as they process, exchange, and store your data. By deciding that your design goals will address data confidentiality, data integrity, and data availability, you will discover that you are securing not only your applications, but your enterprise as well.

Read More

Building security Plan

Building Security Plan

The basic goals of a network security system are pretty much like the security goals for any kind of computer system.

• To protect information from accidental destruction or modification.
• To protect information from deliberate destruction or modification.
• Make sure the data is available to authorized users, when they need it and in a form they can use.

To secure a network system, you will need nearly as much diplomatic sense is technical know-how. For example, you will have to influence people in client department People over whom you have no particular authority. You will find yourself in many situations where you must build alliances in support of a working security plan One of the most effective alliances you can form is with Human Resources. There are many ways HR can help you.

• Helping you identify the key manager in each client department.
• Devising professional surveys and other means to learn about employees; current altitude towards security.
• Helping to set up and conduct interviews with department managers and employees.
• Planning and delivering training programs to support the security program.

Your main objective is to determine just where the organization's security might need improvement. Many employees also have useful ideas about security problems in their areas of responsibility and may even have some suggestions for solving them You can present a case to top management, pointing to specific problems and offering legitimate solutions.

Read More

Security Procedures

Security Procedures

The best physical and technical methods are of little value if your employees do not use them properly. More important you can use procedural methods to conduct your overall business operations. At the same time, you can minimize the degree to which security measures interface with full, productive use of your computers.

Procedural security is a set of management and supervisory controls. It includes rules for the use of computers and data, and ways to detect unauthorized use.

• Data input
• Data processing
• Program development
• Output
• Communication
• Storage.

Procedural security covers the entire range of computer operations, it becomes an integral part of your business. You will consider it when hiring employees. Many operating controls will be based on security considerations. Auditing and supervisory techniques will be designed with security in mind. You can establish a secure computer system and back it up with adequate check and balances, as an everyday management activity.

Most procedural security measures are based on two established principles:

• Make each employee personally accountable.
• Make sure that it take more than one person to commit a fraudulent act.

If a sensitive transaction is being made, you should be able to identify the person responsible and hold that employee personally responsible for the results. 

A good procedural security program should include:

• A written policy that spells out employee's responsibilities, provides a means to detect violations, and has enough management control to make sure it is properly implemented.
• Management controls to make sure the policies are observed, make sure they keep up with the development of your computer systems.
• Control over processes of computer use, and access to programs and data.
• Regular tests of your security system, to make sure it is adequate and employees are observing the proper procedure.
• A standard procedure to deal with anyone caught missing the system. This can range from minor disciplinary action to criminal changes if necessary. Be ready to take this action even if it might mean had publicity for the company.
• Constant communication, management officials and members of the technical staff should stay in touch to discuss security needs and problems.

Read More

Organizational Policy, Security and Infrastructure

Organisation Policy, Security and Infrastructure

Today, A good manager will know the types and forms of information generated and how the information is used to in the business before planning, and how to manage it. 

An organizational policy provides the rules the governs how systems should be configured and how employees of an organization should act in normal circumstances and react during unusual circumstances. The policy defines how security should be implemented. 

However, the technical aspects of security are not the only things that are defined by the policy. The policy also defines how employees should perform certain security-related duties such as the administration of users. The policy also defines how employees are expected to behave when using computer systems that belong to the organization. 

The security policy tells its audience what must be done. It does not address how these things should be done-that falls under the domain of implementation. which must be kept completely separate from the policy itself. 

Infrastructure security begins with the actual design of the infrastructure itself. The proper user of the right components not only improves performance but also improves security. 

An important part of any organization's approach to implementing security are the policies, standards, procedures and guidelines that are established to detail what users and administrators should be doing to maintain the security of the systems and network. Collectively, these documents provide the guidance needed to determine how security will be implemented in the organizations. Given this guidance, the specific technology and security mechanisms required can be planned for:

Policies are high-level, broad statements of what the organization wants to accomplish. They are made by management when laying out the organizations position on some issue.

Standards are mandatory elements regarding the implementation of a policy. They are accepted specifications providing specific details on how a policy is to be enforced.

Guidelines are recommendations relating to a policy.

Procedures are the step-by-step instructions on how to implement policies in the organization.

The constant monitoring of the network and the periodic review of the relevant documents are part of the process that is the operational model. When applied to policies, this process results in what is known as the policy life cycle. This operational process roughly consists of four steps:

• Plan
• Implement
• Monitor
• Evaluate.

The first step is to plan for security in your organization. In this step, you develop the policies, procedures, and guidelines that will be implemented and design the security components that will protect your network.

In second step, implement the plans and next you monitor to ensure that both the hardware and software as well as the policies, procedures and guidelines are effective in securing your systems. Finally, you evaluate the effectiveness of the security measures you have in place. After evaluating your security posture, you begin again with step one, this time adjusting the security mechanisms you have in place, and then continue with this cyclic process.

Read More

Happy Republic Day

Dear friends

On this special day,

let’s promise our motherland that
we will do everything
to enrich and preserve our heritage
our ethos and our treasure
Happy Republic Day!

Read More

Database Backup and Recovery

1. DATABASE BACKUP AND RECOVERY 

An integral part of any overall database security strategy should be providing for database backup and recovery. Backups serve many different purpose. Most often, in seems that systems administrator perform backups to protect information in the case of server hardware failures. Although this is very real danger in most environments. It is often not the most likely. Data can be lost due to accidental human errors, flawed application logic, defects in the database server or operating system platform and, of course, malicious users who are able to circumvent security measures. In the event that data is incorrectly modified or destroyed altogether, the only real method to recover information is from backups.

Since all relational database systems provide some method for performing database backups while a server is still running, there is not much of an excuse for not implementing backups. The real challenge is in determining what backup strategies apply to your own environment. You will need to find out what your working limitations are. This was not an easy task, even in the best-managed organizations. It involves finding information from many different individuals and departments within your organization. You will have to work hard to find existing data, and make best guesses and estimates for areas in which data is not available.

To further complicate issues, there are many constraints in the real world that can affect the implementation of backup processes. First, resources such as storage space, network bandwidth, processing time, and local disk I/O bandwidth are almost always limited. Additionally, human resources—especially knowledgeable and experienced database administrators—may be difficult to find. And, performance requirements, user load, and other factors can prevent you from taking all the time you need to implement an ideal backup solution.

So, how do you decide what to protect? One method is to classify the importance of the relative types of information you need to protect. For example, your sales databases might be of "mission critical" importance, whereas a small decision support system might rank" Low priority" on the scale (since the data can relatively easily be re-created, if necessary). It is also importance to keep in mind that business managers may have a very different ideas of the importance of data when compared to other users who actually deals with this information frequently. Keep in mind that determining how to protect information must be a team effort if it is to be accurate and successful. 

It is important to keep in mind that the purpose of data protection is not to create backups. The real purpose is to provide the ability to recover information, in case it is lost! To that end, a good practice is to begin designing a backup solution based on your recovery requirements you should take into account the cost of downtime, the value of the data, and the amount of acceptable data loss in a worst-case scenario. Also, keep in mind the likelihood of certain types of disasters.

Read More

Database security issues

DATABASE SECURITY ISSUES

Database security is a very broad area that addresses many issues, including the following:

(i) Legal and ethical issues regarding the right to access certain information. Some information may be deemed to be private and cannot be accessed legally by unauthorized persons.

(ii) Policy issues at the governmental, institutional, or corporate level as to what kinds of information should not be made publicly available, for example credit ratings and personal medical records.

(iii) System-related issues such as the system levels at which various security functions should be enforced, for example whether a security function should be handled at the physical hardware level, the operating system level or the DBMS level. 

(iv) The need in some organizations to identify multiple security levels and to categorize the data and users based on these classifications, for example top secret, secret, confidential and unclassified. The security policy of the organization with respect to permitting access to various classifications of data must be enforced.

Threats to databases result in the loss or degradation of some or all of the following security goals: integrity, availability, and confidentiality.

Loss of integrity: Database integrity refers to the requirement that information be protected from improper modification. Modification of data includes creation, insertion, modification, changing the status of data and deletion. Integrity is lost if unauthorized changes are made to the data by either internal or accidental acts. If the loss of system or data integrity is not corrected, continued use of the contaminated system or corrupted data could result in inaccuracy, fraud or erroneous decisions.

Loss of availability: Database availability refers to making objects available to a human user or a program to which they have a legitimate right.

Loss of confidentiality: Database confidentiality refers to the protection of data from unauthorized disclosure. The impact of unauthorized disclosure of confidential information can range from violation of the Data Privacy Act to the National Security Act. Unauthorized, unanticipated or unintentional disclosure could result in loss of public confidence, embarrassment, or legal action against the organization.

Read More

Software Projects Versus Other Types of Project

Software Projects Versus Other Types of Project 

Many of the techniques of general project management are applicable to software project management, but product of software projects have certain characteristics which make them different. 

  (i) Invisibility : when a physical artefact such as Hospital, School or road is being constructed, the programs being made can actually be seen. With software, progress is not immediately visible. One way of  perceiving software  project management is as the process of making visible that which is   invisible. 

(ii) Complexity : Software products contain more complexity than other engineered artefacts. 

(iii) Conformity : The “Traditional” engineer is usually working with physical systems and physical materials like plastic, cement and steel etc. These physical systems can have some complexity, but are governed by physical laws that are consistent. Software developers have to conform to the requirements of human clients, it is not governed by physical laws. 

It is not just that individual can be inconsistent, organizations, because of laps in collective memory, in internal communication or in effective decision making, can exhibit remarkable “organizational stupidity”, which developers have to cater for. 

(iv) Flexibility : The easy which software can be changed in usually seen as one of its strengths. However this means that when the software system interfaces with a physical or organizational systems, it is expected that where necessary, the software will change to accommodate the other components rather than vice-versa. 

Read More

Project Planning and Management

Project Planning and Management

The dictionary definition put a clear emphasis on the project being a planned activity. The definition of a project as being planned assumes that to a large extent we can determine how we are going to carry out a task before we start. There may be some projects of an exploratory nature where this might be quite difficult planning is in essence thinking carefully about something before you do it- and even in the case of uncertain projects this is worth doing as long as it is accepted that the resulting plans may be provisional and speculative. Other activities, relating for example to routine maintenance, might have been performed so many times that everyone involved knows exactly what need to be done. In these cases, planning hardly seems necessary, although procedures might need to be documented to ensure consistency and to help newcomers to the job.  

Project management is an important aspect of the development of information systems. The focus of project management is to ensure that system development project meet customer expectations and are delivend within budget and time constraints. 

A software project is not only concerned with the actual writing in software. In fact, where a software application is bought in "off-the shelf", these may be no software writing as such. This is still fundamentally a software project because so may of the other elements associated with this type of project are present. 

The f­easibility study, conducted by the project manager, involves determining whether the information system maker same for the organization from an economic and operational standpoint. The study takes place before the system is constructed. If the feasibility, study produces results which indicate that the prospective project appears viable, then planning of the project can take place. Project planning involves defining clear, discrete activities and the work needed to complete each activity within a single project. It often requires you to make numerous assumptions about the availability of resources such as hardware, software and personal. The Project can now be executed. The execution of a project often contains design and implementation sub-phases. ­

The first phase of the system development life cycle is project identification and selection, during which the need for a new or enhanced system is recognized. This find life cycle phase does not deal with a specific project but rather identifies the portfolio of project  to be under taken by the organization. Thus, project identification, and selection is a pre-project steps in the life cycle. 

Read More