Group 9 - Paper Review Secure SDLC

Bunga Devina
24 Mar 2025 · 25:20

Summary

TLDR: This transcript covers a group's presentation of research findings on the software development life cycle (SDLC) and its security aspects, focusing on the use of AES-128 encryption, S-SDLC models, and strategies for secure software development. Key studies explore cryptography's role in securing digital archives, a novel framework for information security during SDLC implementation, and the impact of SDLC models on adoption intentions. The presentation also covers strategies for managing security risks in software development, including a case study on an RFID-based library system at Universitas Riau. The research highlights the importance of robust security measures throughout the software development process.

Takeaways

  • The script introduces a group presentation on software development, specifically focusing on S-SDLC (Secure Software Development Life Cycle) and its implementation for secure data management.
  • The first journal discusses the implementation of AES-128 cryptography for securing digital archives in the Minahasa District Library and Archive Department.
  • AES-128 was chosen for its high security and efficiency in the encryption process, ensuring that digital archives are protected from unauthorized access and data manipulation.
  • The methodology for the first journal includes planning, design, implementation, testing, development, and management phases, all ensuring secure data management throughout the system lifecycle.
  • The results of the AES-128 implementation showed efficient encryption and decryption times, confirming the system's effectiveness in protecting archives from breaches.
  • The second journal introduces a novel framework for ensuring information security during the implementation phase of the SDLC, based on a systematic literature review (SLR).
  • The SLR methodology identifies 12 key steps organizations can take to mitigate security risks during the SDLC implementation stage, from coordination meetings to system audits.
  • The third journal examines the effect of SDLC models on perceptions of S-SDLC innovation and adoption intention, focusing on the characteristics of security models in software development.
  • The study finds no significant difference in the adoption intent of SDLC models based on their innovation characteristics, though complexity was a factor in model choice.
  • The fourth journal explores security strategy indicators for software development in startups, using a RACI matrix to identify roles and responsibilities in ensuring secure software development.
  • The final journal discusses the design of an automated check-in system based on RFID and barcode technologies for the University of Riau library, successfully improving efficiency and security in library services.

Q & A

  • What is the primary focus of the first journal discussed in the script?

    - The first journal discusses the application of the AES-128 cryptography algorithm in a web-based document management system for the Minahasa Library and Archives Office. It focuses on enhancing data security to protect digital archives from unauthorized access and manipulation.

  • Why was AES-128 chosen for the encryption in the system?

    - AES-128 was selected because it is known for its high security level and efficiency in the encryption and decryption process, making it suitable for protecting digital archives against unauthorized access and data breaches.

  • What are the main stages involved in the methodology of the first journal?

    - The methodology in the first journal includes six main stages: Planning and Analysis, Design, Implementation, Testing, Development, and Management. Each stage ensures that the system meets security requirements and operates efficiently.

  • What were the outcomes of the encryption process in the system discussed in the first journal?

    - The encryption process efficiently encrypted a 1146 KB PDF document in 34 seconds and decrypted it in 35 seconds, successfully preserving all the original information without loss, and ensuring protection against unauthorized access.

  • What is the main concept of the second journal mentioned in the script?

    - The second journal introduces a novel framework for information security during the SDLC implementation stage. It focuses on improving security practices by reviewing literature and identifying 12 key steps organizations can adopt to minimize security risks during software implementation.

  • What are the 12 key steps proposed in the second journal for improving security during SDLC implementation?

    - The 12 key steps include: coordinating meetings, reviewing security policies, securing software installation, conducting kick-off meetings, explaining security goals, providing interdepartmental training, offering technical training, ensuring secure data entry, ensuring secure system operations, providing implementation support, auditing systems, and holding closing meetings to confirm security.

  • How does the second journal's proposed framework contribute to improving SDLC security?

    - The framework helps organizations apply a structured approach to security during the SDLC's implementation phase, ensuring that security risks are mitigated effectively through systematic actions and measures.

  • What did the third journal explore regarding the adoption of S-SDLC in software development?

    - The third journal explores how different SDLC models, such as the V model, Agile, and Waterfall, influence software developers' perceptions of S-SDLC innovation characteristics and their intention to adopt S-SDLC practices.

  • What were the findings regarding the impact of SDLC models on S-SDLC adoption in the third journal?

    - The study found no significant differences in the perceptions of S-SDLC innovation characteristics or the intention to adopt S-SDLC based on the SDLC model used. However, the iterative model was perceived as having more advantages and compatibility for S-SDLC adoption.

  • What is the main concern addressed in the fourth journal about secure software development?

    - The fourth journal discusses the importance of a clear strategy for secure software development, particularly in startups, and highlights the role of upper management in implementing security strategies using the RACI Matrix to define roles and responsibilities within the SDLC.


Related Tags
Software Security, Cryptography, SSDL, Web Security, Digital Archives, System Development, Software Life Cycle, Information Security, SDLC Models, Technology Innovation