Explain what happens when a system does not have proper security requirements. Give examples, using current events and hacking news.

Discussion Details CSIS485: Cybersecurity Capstone I (1301)

As you will find in your readings, there is a link between security and quality.

In the first paragraph, examine the relationship between non-functional requirements and quality attributes of ISO/IEC 9126-1.

In the second paragraph, analyze the different categories of non-functional requirements as they relate to software resilience.

In the third paragraph, tie the concepts together and explain what happens when a system does not have proper security requirements.

Give examples, using current events and hacking news. Be sure to provide at least 1 citation from the text or scripture.

Post-First: This course utilizes the Post-First feature in all Discussions. This means you will only be able to read and interact with your classmates’ threads after you have submitted your thread in response to the provided prompt.

Discussion replies

Respond to both students. Each reply needs to be 150 words, with 1 scholarly source and 1 biblical source.

Dakota

The difference between functional and non-functional requirements is an important distinction to make when defining the requirements for a software development project. If the guidelines are not clearly labeled then the customer may not get what they are wanting. This can lead to redesigns and lost money as the organization continues to attempt to get the designs correct.
Functional requirements are requirements that are needed in order for the product to function, such as an email being sent when confirming two-factor authentication. Non-functional requirements are necessary for the product function, but desired by the customer, such as having a webpage load within a certain amount of time. Understanding these differences can be what stands between a good project and a terrible one.
Non-functional requirements are important in relation to software resilience because they can help ensure the product can still provide an acceptable level of service even if problems start to arise. This helps ensure that users can still utilize your products even when your software is degraded. Jha states, “Non-Functional Requirements (NFRs) describe a set of operational constraints that a software system should exhibit. These constraints are related to the utility of the system, such as its usability, reliability, security, and accessibility” (p. 2). Non-functional requirements can be difficult to define and even harder to implement, leading to security and functionality degradation.
When a system does not have proper security requirements, that can lead to varying issues, from data leaks to complete and total work stoppage. Implementing proper security requirements for an application can be just as crucial as the application itself. If you are managing users’ medical information, then ensuring that information is not leaked is just as important as working with the clients themselves. This is due to HIPAA as well as protecting clients’ privacy, as improper release of medical information can cause exuberant damage to some patients. So ensuring proper cybersecurity protocols are followed is crucial in the development of new applications.

Jha, N., & Mahmoud, A. (2019). Mining non-functional requirements from app store reviews. Empirical Software Engineering, 24(6), 3659-3695.

Andrew
Non-functional requirements are used in software development to address how a product should perform while a program is being executed. Non-functional requirements can be addressed with the following characteristics: functionality, reliability, usability, efficiency, maintainability, and portability. Functionality-based non-functional requirements focus on handling suitability, accuracy, interoperability, and security, which means that these types of requirements are key to making the product function correctly. Reliability quality attributes are typically focused on maturity, fault tolerance, and recoverability, which makes the debugging and testing of the product much easier. Usability attributes are added to the development cycle when developers want the product to be easier to use and learn from. Efficiency attributes are similar to functionality attributes because these quality attributes focus on making the product better at managing time and resources. Maintainability attributes allow developers to build an environment that makes it easier to make changes and a more stable product. Finally, portability quality attributes focus on making the software easier to integrate into previously established systems.
Certain quality attributes closely relate to software resilience. According to Curtis (n.d.), the quality attribute that relates to software resilience the most is the reliability attribute.
Furthermore, Curtis (n.d.) states that maintainability and efficiency are related to software resilience, as all of these attributes (when properly implemented into a software system) can allow software to easily provide proper user functionality and fast recovery times after a catastrophic event, such as a component failure, unexpected input, or malicious attack.
Software resilience and security are extremely important, with most industries and companies heavily relying on them to keep them competitive. Malicious attackers will do anything to cause mayhem and destruction if it means they can exploit a software system. One exploit technique that has been featured recently is DLL Sideloading. Although not strictly a “new” exploit, attackers have been using it to cause trustworthy security applications to load malicious payloads onto targets. According to TechRadar (2022), attackers would entice their target to reach a fake security suite download page, which would allow them to install a malicious DLL file that would be recognized and trusted by the exploited antivirus software. The antivirus software in question was Windows Defender, which would trust the DLL to be safe even though it was carrying a payload. This is just one more incentive for software developers to pay closer attention to how software should be designed with both security and resilience in mind.

References
Curtis, B. (n.d.). How do you measure software resilience? Consortium for Information & Software Quality. https://www.it-cisq.org/how-to-measure-software-resilience/
Fadilpašić, S. (2022, November 1). Criminals hijack antivirus software to deliver malware. Techradar. https://www.techradar.com/news/criminals-hijack-antivirus-software-to-deliver-malware
