
dc.contributor.advisor: Hämmerli, Bernhard M
dc.contributor.author: Bhosale, Varsha
dc.date.accessioned: 2021-09-23T19:05:50Z
dc.date.available: 2021-09-23T19:05:50Z
dc.date.issued: 2020
dc.identifier: no.ntnu:inspera:56390147:36034959
dc.identifier.uri: https://hdl.handle.net/11250/2781122
dc.description: Full text not available
dc.description.abstract
dc.description.abstract: It has been a long time since the introduction of the Microsoft Secure Development life cycle, which provides a framework for companies on how to implement security in the SDLC. But the current state is that several companies are not very willing to consider the security aspect while building their applications. We live in an age where the Internet of Things is flourishing, giving rise to new threats, and thus the threat landscape is expanding. We never know what will come our way when the application is live and on the market for customers to use. Companies are seen struggling to make informed decisions when it comes to accepting the importance of implementing security in each and every phase of the SDLC. It becomes important to take into consideration the thought process of the management when it comes to adopting a suitable approach or process for the SDLC. There have always been controversies related to the budget that goes into implementing security, the impact on the delivery schedule, the effort or resources required, and the value it would give in return to the customer and the organization. The goal of the thesis is to help organizations realize the importance of building security into the application and to help them make informed decisions by creating risk awareness. The subjects in focus would be the study of the existing practices the organization follows, what happens if security steps in, and how to achieve a trade-off between investment in security and the benefits reaped from it. It is equally important to understand the organizational and human factors dealing with information security while building the application. The target audience would be everybody involved in the company (of any size), from the executive body to the support/operations team, including the business developers, project managers, system architects, developers, testers, etc., in an agile-centric environment.
The reason for having the entire organization buy into security is that security has to be embedded in every phase to assure end-to-end security, in order to minimize the risks when the product/application is live and is hit by an incident.
dc.language
dc.publisher: NTNU
dc.title: Enabling the culture of secure application development in SME
dc.type: Master thesis

