CBK#4 Applications & Systems Development Security - Page 5

CBK#4 Applications & System Develop. - Page 1 2 3 4 5 6 7 8 9

Change control sub-phases:
- Request control
- Change control
- Release control

Change control process:
- Make a formal request of change
- Analyze the request
    - Develop the implementation strategy
    - Calculate the costs of this implementation
    - Review any security implications
- Record the change request
- Submit the change request for approval
- Develop the change
    - Recode segments of the product and add or subtract functionality
    - Link these changes in the code to the formal change control request
    - Submit software for testing and quality approval
    - Repeat until quality is adequate
    - Make version changes

Configuration management:
- Configuration identification
- Configuration control
- Configuration status accounting
- Configuration audit
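The four configuration-management activities above, plus the change-control step of tying each code change to its formal request, can be shown in one small workflow. The following is an added example, not part of the original notes: a baseline of SHA-256 hashes is the configuration identification, changes are accepted only against an approved change request (control), every attempt is logged (status accounting), and an audit compares the live state against the baseline. The item names, contents and the request ids CR-0001 / CR-9999 are constructed for the example.

```python
import hashlib
from dataclasses import dataclass


def digest(content: bytes) -> str:
    """Identify a configuration item by the SHA-256 of its content."""
    return hashlib.sha256(content).hexdigest()


@dataclass
class ChangeRecord:
    """One status-accounting entry: what changed, under which request, approved or not."""
    request_id: str
    item: str
    old_hash: str
    new_hash: str
    approved: bool


class ConfigManager:
    def __init__(self) -> None:
        self.baseline: dict[str, str] = {}        # configuration identification
        self.approved_requests: set[str] = set()  # formal change requests that passed approval
        self.records: list[ChangeRecord] = []     # configuration status accounting

    def identify(self, name: str, content: bytes) -> str:
        """Register an item and its approved hash in the baseline."""
        h = digest(content)
        self.baseline[name] = h
        return h

    def approve_request(self, request_id: str) -> None:
        self.approved_requests.add(request_id)

    def control(self, name: str, new_content: bytes, request_id: str) -> bool:
        """Apply a change only if it is linked to an approved request; log every attempt."""
        old = self.baseline.get(name)
        new = digest(new_content)
        ok = old is not None and request_id in self.approved_requests
        self.records.append(ChangeRecord(request_id, name, old or "", new, ok))
        if ok:
            self.baseline[name] = new
        return ok

    def audit(self, current: dict[str, bytes]) -> list[str]:
        """Compare the live state against the baseline: drift, missing and unmanaged items."""
        findings = []
        for name, approved_hash in self.baseline.items():
            if name not in current:
                findings.append(f"{name}: missing")
            elif digest(current[name]) != approved_hash:
                findings.append(f"{name}: drift")
        for name in current:
            if name not in self.baseline:
                findings.append(f"{name}: unmanaged")
        return sorted(findings)


def demo() -> dict:
    """Walk through identification, an approved change, a rejected change and an audit."""
    cm = ConfigManager()
    cm.identify("sshd_config", b"PermitRootLogin no\n")   # constructed item
    cm.approve_request("CR-0001")                         # constructed request id
    approved = cm.control("sshd_config", b"PermitRootLogin no\nMaxAuthTries 3\n", "CR-0001")
    rejected = cm.control("sshd_config", b"PermitRootLogin yes\n", "CR-9999")  # unapproved
    # Live state with an unauthorised edit and a file nobody placed under control
    drift = cm.audit({"sshd_config": b"PermitRootLogin yes\n", "motd": b"hi\n"})
    clean = cm.audit({"sshd_config": b"PermitRootLogin no\nMaxAuthTries 3\n"})
    return {"approved": approved, "rejected": rejected, "drift": drift,
            "clean": clean, "records": len(cm.records)}


if __name__ == "__main__":
    print(demo())
```

The audit reports only against the approved baseline, so an edit that bypassed change control shows up as drift even though it was made by someone with write access; that is the point of keeping identification and control separate from the people who operate the system.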

CMM / Software Capability Maturity Model
- Level 1: Initial - Competent people and heroics; processes are informal and ad hoc
- Level 2: Repeatable - Project management processes; project management practices are institutionalized
- Level 3: Defined - Engineering processes and organizational support; technical practices are integrated with institutionalized management practices
- Level 4: Managed - Product and process improvement; product and process are quantitatively controlled
- Level 5: Optimized - Continuous process improvement; process improvement is institutionalized

Application Development Methodology
Types of languages:
Machine language: Is in a form that the computer and processor can understand and work with directly
Assembly language: Cannot be understood directly by the system and must be processed (by an assembler), which results in machine code.
High-level language: Cannot be understood directly by the system and must be processed (by a compiler or interpreter), which results in machine code.

Programs:
Interpreted programs: Have instructions that are read and interpreted by a program one instruction at a time.
Compiled programs: Are written in a high-level language and turned into machine-readable format by a program called a compiler.


Contact:

E-mail: john.wallhoff@mailbox.swipnet.se
Written by: J.Wallhoff January - April 2002
Updated by: J.Wallhoff April 2002