NCU-FSB is in the process of implementing an ERP solution for administrative process integration. The solution to be implemented will integrate all operations (loans, credit cards, mortgages, IRAs, investments, and financial counseling services) with administrative operations (human resources, finances, plant management, procurements, and asset management, among others). To ensure that a chosen solution meets all technical and security requirements, the CEO asked the CIO and you, as the CISO, to analyze industry solutions and recommend the control criteria that every solution to be developed, whether commercial off-the-shelf (COTS) or in-house development, must meet.
For this assignment, you must develop a diagram and a technical paper, in which you design a control model for secure development.
Your paper should contain the following:
A model with a checklist, outline, or flowchart of all the control elements that need to be reviewed when testing a database or application.
The checklist must be useful either for usability testing or for certifying completeness and compliance as part of the accreditation process.
Checklist should contain the criteria to be validated during design, development, and testing. The criteria will eventually become the standards for data and application management for all applications to be updated or developed.
Recommendations for data and application control best practices to control risks.
Comparison of the waterfall model, spiral model, rapid application development, reuse model, and extreme programming, as strategies for secure software best practices.