Safeguarding information while a new system is being introduced into an organization is critical, as it determines whether the new system guarantees the security of the data stored in the organization. For this reason, it is crucial to evaluate systems against the organization's operational environment to ensure that what is installed does not compromise existing data.
During implementation, it is critical that the system is tested to ensure compliance with the specifications. Key security activities that take place in the implementation phase include integration of the new system into its operational environment, certification activities, testing of security controls, and system accreditation activities (Raj, Singh, & Bansal, 2014; Kissel, 2008). Integration and acceptance tests occur after the information system has been delivered and installed at the operational site where it was intended for deployment. During this activity, security control settings are enabled in agreement with the manufacturers' instructions, and a number of tests are carried out to ensure that the system meets the security standards of the National Institute of Standards and Technology (Coronel & Morris, 2016; Kissel, 2008). This caution is critical during implementation because the developed system is being integrated into an environment already running on another system, which necessitates system tests.
Running tests involves testing installations to identify areas that are likely to be a source of system disruption or failure after the system becomes fully operational. Usability tests involve the users in testing how easily the system can be applied to meet the objectives that were identified before the introduction of the system (Kissel, 2008). Regression testing is done during integration and is meant to avoid a situation where changes made during the development of the system cause new bugs. It also ensures that bugs do not appear as a result of the addition of new software modules after the system has been put into use. Other tests cover recovery, functionality, and handling of workloads, among other objectives. These activities are critical considerations in the implementation phase, as they help in verifying and validating the system and in ensuring that security controls are integrated at the operational site (Coronel & Morris, 2016; Kissel et al., 2008; Grance, Hash & Stevens, 2004).
Security certification entails an evaluation of adherence to established verification techniques and procedures. This is a legal obligation under FISMA, which requires that security controls are periodically tested and evaluated to ensure effective implementation (Kissel et al., 2008). It is meant to instill confidence that appropriate safeguards and countermeasures have been instituted to ensure the safety and security of the target organization's data. The process also describes the actual vulnerabilities in the information system. This description is important because it creates the basis for accreditation to take place. This consideration is geared toward reducing the liabilities resulting from the inability of authorized users to protect data.
Security accreditation is another regulatory requirement that the implementation process must obey. As Kissel et al. (2008) report, OMB Circular A-130 requires the security authorization of an information system to process, store, or transmit information (22). Security authorization is a risk-oriented decision that largely depends on security testing and evaluation results (Kissel, 2008). The agency sanctions a system based on the verified effectiveness of its security controls, measured against an agreed-upon level of assurance. In other words, a determination is made as to whether the system meets the criteria set out by the information systems regulatory agency (Coronel & Morris, 2016). Overall, this consideration is essential in that it determines whether the system will be put into operation or not.
References
Coronel, C., & Morris, S. (2016). Database systems: Design, implementation, and management. Boston, MA: Cengage Learning.
Grance, T., Hash, J., & Stevens, M. (2004). Security considerations in the information system development life cycle. doi:10.6028/nist.sp.800-64r1
Kissel, R., Stine, K. M., Scholl, M. A., Rossman, H., Fahlsing, J., & Gulick, J. (2008). Security considerations in the system development life cycle. doi:10.6028/nist.sp.800-64r2
Raj, G., Singh, D., & Bansal, A. (2014). Analysis for security implementation in SDLC. 2014 5th International Conference - Confluence The Next Generation Information Technology Summit (Confluence). doi:10.1109/confluence.2014.6949376