They know who you are. Show them what you can be.
--Your friends at LectureNotes

Note for Cyber Security - cs by nainish aggarwal

  • Cyber Security - cs
  • Note
  • Dr. A PJ Abdul Kalam Tech University Lucknow - AKTU
  • Uploaded 9 months ago
0 User(s)
Download PDFOrder Printed Copy

Share it with your friends

Leave your Comments

Text from page-1

UNIT 1 Cyber Security Information system development methods ISD is defined as “a change process taken with respect to object systems in a set of environments by a development group using tools and an organized collection of techniques collectively referred to as a method to achieve or maintain some objectives” .ISD is understood to include development of both manual and computerized parts of an object system. An IS can therefore include both manual and computer-supported parts. Although the definition emphasizes essential components of ISD, such as its social nature and varying objectives. Examples of methods include Structured Analysis and Design (SA/SD), and the object-oriented methods . A short example of method knowledge is in order. The method knowledge of SA/SD can be discussed in terms of the techniques (e.g. data flow diagram, entity-relationship diagram) and their interrelations. In SA/SD the overall view of the object system is perceived through a hierarchical structure of the processes that the system includes. This overall topology is completed by data transformations; how data is used and produced by different processes, how it is transformed between processes, and where it is stored. Moreover, the data used in the system needs to be defined in a data-dictionary and interrelations between data need to be specified with entity-relationship diagrams. Thus, methods describe not only how models are developed but also how they are organized and structured. Furthermore, since ISD methods aim to carry out the change process from a current to a desired state they should also include knowledge for creating alternative design solutions and provide guidelines to select among them FIGURE The role of methods in ISD KAMNA SINGH CYBER SECURITY NOTES Page 1

Text from page-2

Information system development The systems development life cycle (SDLC), also referred to as the application development lifecycle, is a term used insystems engineering, information systems and software engineering to describe a process for planning, creating, testing, and deploying an information system. [1] The systems development life-cycle concept applies to a range of hardware and software configurations, as a system can be composed of hardware only, software only, or a combination of both. Overview A systems development life cycle is composed of a number of clearly defined and distinct work phases which are used by systems engineers and systems developers to plan for, design, build, test, and deliver information systems. Like anything that is manufactured on an assembly line, an SDLC aims to produce high quality systems that meet or exceed customer expectations, based on customer requirements, by delivering systems which move through each clearly defined phase, within scheduled time-frames and cost estimates.Computer systems are complex and often (especially with the recent rise of service-oriented architecture) link multiple traditional systems potentially supplied by different software vendors. To manage this level of complexity, a number of SDLC models or methodologies have been created, such as "waterfall"; "spiral,prototype model incremental". Waterfall model: Waterfall approach was first SDLC Model to be used widely in Software Engineering to ensure success of the project. In "The Waterfall" approach, the whole process of software development is divided into separate phases. In Waterfall model, typically, the outcome of one phase acts as the input for the next phase sequentially. Following is a diagrammatic representation of different phases of waterfall model. KAMNA SINGH CYBER SECURITY NOTES Page 2

Text from page-3

The sequential phases in Waterfall model are: • • • • • • Requirement Gathering and analysis: All possible requirements of the system to be developed are captured in this phase and documented in a requirement specification doc. System Design: The requirement specifications from first phase are studied in this phase and system design is prepared. System Design helps in specifying hardware and system requirements and also helps in defining overall system architecture. Implementation: With inputs from system design, the system is first developed in small programs called units, which are integrated in the next phase. Each unit is developed and tested for its functionality which is referred to as Unit Testing. Integration and Testing: All the units developed in the implementation phase are integrated into a system after testing of each unit. Post integration the entire system is tested for any faults and failures. Deployment of system: Once the functional and non functional testing is done, the product is deployed in the customer environment or released into the market. Maintenance: There are some issues which come up in the client environment. To fix those issues patches are released. Also to enhance the product some better versions are released. Maintenance is done to deliver these changes in the customer environment. All these phases are cascaded to each other in which progress is seen as flowing steadily downwards (like a waterfall) through the phases. The next phase is started only after the defined set of goals are achieved for previous phase and it is signed off, so the name "Waterfall Model". In this model phases do not overlap. Waterfall Model Application Every software developed is different and requires a suitable SDLC approach to be followed based on the internal and external factors. Some situations where the use of Waterfall model is most appropriate are: KAMNA SINGH CYBER SECURITY NOTES Page 3

Text from page-4

• • • • • • Requirements are very well documented, clear and fixed. Product definition is stable. Technology is understood and is not dynamic. There are no ambiguous requirements. Ample resources with required expertise are available to support the product. The project is short. Waterfall Model Pros & Cons Advantage The advantage of waterfall development is that it allows for departmentalization and control. A schedule can be set with deadlines for each stage of development and a product can proceed through the development process model phases one by one. Development moves from concept, through design, implementation, testing, installation, troubleshooting, and ends up at operation and maintenance. Each phase of development proceeds in strict order. Disadvantage The disadvantage of waterfall development is that it does not allow for much reflection or revision. Once an application is in the testing stage, it is very difficult to go back and change something that was not welldocumented or thought upon in the concept stage. The following table lists out the pros and cons of Waterfall model: Pros • • • • • • • • Simple and easy to understand and use Easy to manage due to the rigidity of the model . each phase has specific deliverables and a review process. Phases are processed and completed one at a time. Works well for smaller projects where requirements are very well understood. Clearly defined stages. Well understood milestones. Easy to arrange tasks. Process and results are well documented. Cons • • • • • • • • • • KAMNA SINGH No working software is produced until late during the life cycle. High amounts of risk and uncertainty. Not a good model for complex and objectoriented projects. Poor model for long and ongoing projects. Not suitable for the projects where requirements are at a moderate to high risk of changing. So risk and uncertainty is high with this process model. It is difficult to measure progress within stages. Cannot accommodate changing requirements. No working software is produced until late in the life cycle. Adjusting scope during the life cycle can end a project. Integration is done as a "big-bang. at the very end, which doesn't allow identifying any technological or business bottleneck or CYBER SECURITY NOTES Page 4

Lecture Notes