Software Assurance CSS321
Security Static Analysis Tools
John Doe Jr.
15 March 2017
Contents
Background
Product Overview
Departmental Organization
System Design Life Cycle
Desktop applications
Web Application and Database Application
Security in Nontraditional Development Models (New Content)
Summary of the major steps and potential threats
Policies and processes that reduce threats
Security Static Analysis Tools (TBD)
Software Assurance Policies and Processes (TBD)
References
Background
ABC is a software development company. It is a medium-sized
enterprise with a wide range of clients from all over the
country. The company has its headquarters in Miami, Florida
and branches in the United States. The company is making plans
to expand out of the United States, beginning with Mexico and
Canada. ABC focuses on the development of custom-made
application software. This means that most of the software
created in the firm is specifically requested by the clients.
However, some generic software is also created, which can later
be purchased by a client and re-engineered to fit their specific
needs. The software assurance guidelines used by the company
are specific to the type of software made: desktop applications
have different assurance specifications from web applications.
The guidelines specified will be implemented from development
all the way to the client organization. The software guidelines
can only be effective when both the developers and the users
adhere to them.
Product Overview
The company provides a number of software applications
for the government. These applications include Account Pro,
which is accounting software. It is desktop software and it is
well optimized. The company also provides the government with a
police record system. This application is web based and it relies
heavily on the internet and the local area networks of the police
stations. The application is backed by a database that stores
all of the information.
Departmental Organization
The firm is organized into four different departments. The first
department deals with installation and maintenance of software.
This is the after-sales services department. This department is
vital in the company since software often requires patching and
maintenance. The second department is the specifications
research department. This department works hand in hand with
the clients to determine the software that the clients require
most, and it communicates these requirements to the
development department, which is made up of developers who code
and test the applications. The marketing and sales department
ensures that the company has good public relations and stays
relevant among the clients.
System Design Life Cycle
The system design life cycle that is used in the organization is
quite traditional and standard. The first phase is planning and
information gathering. In this phase the system requirements are
gathered and information is collected from the users. In the next
phase, this information is organized and a system is proposed
that will be able to solve the problems. Next is the design phase,
where the coding is done to develop the system. After coding,
the system is taken into testing and debugging. If it is optimal,
it is taken into the implementation phase, where it is introduced
to the clients. Maintenance is the last phase; it requires
updates and patches, which leads back to the first stage, so the
process becomes a cycle (Avison and Shah, 2007).
Software Assurance Techniques
The guidelines are applied in the phases by ensuring that the
specifications gathered are exactly what the client wants. The
system design and coding are optimized by debugging and testing.
The people who will be in contact with the system are
supposed to be trained in the implementation phase so that they
are able to use the system optimally and avoid performing tasks
that may be detrimental to the application.
ABC Company produces software that is consumed by the
United States government. The company produces desktop, web
and database applications. The software that the company
produces will be analyzed in this section to determine the
security and performance risks associated with all of these
applications, as well as the possible implications that these risks
may have for the clients. For each risk, techniques for software
assurance will be proposed, along with how these techniques can be
applied to ensure that the application is optimized at all times.
Desktop applications
ABC Company offers a wide range of desktop applications.
However, the most robust of all the applications that have
been sold to the government is the Account Pro application.
This is software that is installed on a workstation computer and
it enables the user to perform complex accounting
functions rather easily. However, the person operating it
must have both accounting and information technology
knowledge in order to operate the
software well. The software does not do all the accounting
independently; it requires the expertise of an accountant to
function best. This accountant must also be
conversant with information technology in order to
operate the application.
The application has all the characteristics of a desktop
application. This means that it is at a lower risk of intrusion
from the internet and other forms of attacks. However, it is still
cumbersome to install and maintain, because maintenance
and installation have to be done independently on every
workstation. The ease of access is also reduced since the user
has to move to the physical location of the computer with the
application in order to access it (Lee et al., 2008). This
cumbersome nature makes the use of desktop applications
unfavorable.
However, the application is very robust and optimized as far as
security is concerned. Guidelines such as the use of user
authentication have been put in place to make sure that
unauthorized users don't get access to the application. The main
threat that the clients face while using this application,
however, is not third party intrusion but rather the application
becoming outdated (Lee et al., 2008). This can reduce the
general productivity of the application, making it harder for it to
be used to solve most if not all of the accounting problems of
the client. This will make it inefficient.
The application can become outdated, and after five to 10 years
it will no longer satisfy the organizational needs that had been
identified. Thus, to mitigate this threat, regular maintenance is
done on the application and any new requirements are added to
the application. This maintenance and patching is an after-sales
service that the government is happy to pay for.
Web Application and Database Application
The web applications sold by the company are often backed
by a database, thus making them two in one. The developers
prefer the PHP platform to develop these web based applications and
the database server most used is SQL. The two platforms work
well together once linked to create an optimal application. The
company sold a web based application to the police department
in south Miami that has helped them keep records of
the statements made by the public and the arrests that have been
made on these statements. This system has also helped them
keep a record of the development of these cases.
Such a system is easier to use than a desktop application since
it can be accessed from anywhere as long as the user has an
internet connection and access to the police local area network. It
is also easier to install and maintain since the installation is
done on a central server and all the users access it in a
client-server architecture. This means that the users access it through a
web browser (Meier et al., 2013).
However, this application comes with a high risk of third party
intrusion. This means that the application can be accessed by an
unauthorized third party. Such access can leave the client
organization vulnerable and its records open to tampering.
This can cause unprecedented losses. To handle this, the
application has user authentication and user accounts
with logs to help monitor the activities of each user and identify
unusual activity. However, the LAN in the police department
also needs to be hardened with firewalls and honeypots (Meier
et al., 2013) to ensure that any third party that tries to access the
network, and thus the application, through hacking or cracking is
not able to do so.
Another threat that the clients may experience is the need for
scaling. The records will increase in number and, with time, the
department will require a database with a larger capacity
to hold all the records available. This scaling is
done through maintenance by slowly expanding the database as
the requirements of the user increase. The functionality of the
application is also updated regularly.
Security in Nontraditional Development Models (New Content)
Software security involves combining several strategies to
develop integrity, privacy, availability, usability and
confidentiality. There are various non-traditional development
models that can be used to achieve these objectives and various
ways to reduce security threats using agile development models
such as Scrum. ABC Corporation will use the Scrum
methodology. Scrum provides a firm with freedom to execute
most operations. One of its most important aspects is the
elimination of a regular manager. The following is an overview
of the important concepts involved in the model (Avison and
Shah, 2007).
Summary of the major steps and potential threats
The Scrum team has three roles. The first one is the Product
Owner, who represents the stakeholders and clients. The Scrum
Master, on the other hand, helps in eliminating problems, while
the Developers have the skills to deliver products within the
system. Stories are the needs that are stated from the
perspective of the clients. The Product Backlog is a list of
requirements, stories, and objects that need completion so that
they can provide the end product. Tasks and subtasks represent
steps created based on backlog items. In the sprint planning, the
members of the team select objects from the backlog that need to
be finished in the subsequent sprint (Lee et al., 2008). The Sprint
works as the platform in which tasks are completed. It is during
the sprints that items are redefined, deleted or added.
The Daily Scrum is where team members meet and discuss the
previous achievements and focus on the upcoming activities.
The definition of done is a criterion to examine whether items
are ready after a test is performed. The sprint review occurs at
the final stage; the teams check for any issues that emerged
after completion of every sprint (Avison and Shah, 2007). The
sprint retrospective is where the members of the team look at
the final product and do reviews. It is at this point that
members can reflect on the activities and make suggestions for
further developments.
This is a summary of the steps involved in the Scrum operation.
First, the Product Owner develops a wish list known as a product
backlog. Secondly, in the sprint planning, the team takes the top
priorities from the wish list and describes the ways of
implementing the pieces. Thirdly, the team takes a period of time,
such as four weeks, to ensure completion of the task. It is important to
understand that the team will have daily meetings to ensure
there is satisfactory progress. The Scrum Master has the
function of making sure the team focuses on the primary goal
(Meier et al., 2013). At the end of the sprint, the task will
be completed and can be delivered to the clients or presented
to the stakeholders for assessment. In the end, there will be
a sprint review and a retrospective.
When dealing with Scrum there are various security
threats. For instance, in each Sprint approach, there are issues
with security flaws that might allow hackers to access the
crucial information of the company. In this case, there is a need
to employ experts to help in the management of the risks.
Another mitigation strategy is the addition of extra testers to
perform regular checkups on the system. Another risk that might
occur is the lack of enough time to address potential security
threats. An example of a risk is the emergence of viruses that
might adversely affect critical information. In such a case the
clients will be informed of the occurrence of the issue and the firm
will look for a way to stop any further destruction by the virus. The firm
will also have to commit other resources to address the problem
(Lee et al., 2008). In summary, if a threat is critical, there will
be a need to carry out an urgent action. The critical issue will
have to be dealt with on a daily basis to ensure there are
effective measures in place to stop the threat. The organization
members will have to notify the senior management of the risk.
On the other hand, when the issue is minimal, the review of the
system would be carried out quarterly.
Policies and processes that reduce threats
There are various security regulations provided to minimize
risks. The first activity is the development of artifacts. They
include security architecture, the definition of security threats,
risk analysis, and the process of setting guidelines to reduce
the effects of the risks. ABC Company should have a group of
security developers that will be in charge of maintaining
security; this is crucial because duties will be delegated to the
members of the team and a single individual will not perform
many tasks (Meier et al., 2013). First, there is a need to provide
training on particular technologies like database engines,
frameworks, and operating systems. Secondly, to reduce
threats, there is a need to provide a proper review of the interface,
code and test cases. Another policy that is critical to the reduction of
security threats is to utilize security testing to ensure everything
is secure. The other process is the establishment of safety audits
at any particular time in the project. Finally, reviews are
developed after completion of objects in the backlog and time
checks are developed at control points.
Security Static Analysis (TBD)
Okay, these are the things I need. Please begin on this
page and add 5-6 pages for this section. Come up with an
application that ABC company may use and prepare a design for
the application. So, prepare a design for the application. Use
appropriate diagrams to identify the major components of the
application. Describe the major components of the application
and security issues that may arise with it relative to the security
development model. Create code. It can be C++, Java or C code;
just be sure to include the code for the application in this
document. If you have any questions, let me know. Remember, I
need at least 5 pages.
· Prepare a design for an application your organization might
produce.
· Include appropriate diagrams to identify the major components
of the application.
· Describe the major components and potential security issues
where appropriate and as related to the security development
model.
· Create code samples in C, C++, or Java to illustrate the tenets
of the security development model.
· Identify at least 3 security static-analysis tools, and prepare
guidelines for how they would be used in the sample code and
throughout the software development in the company
Software Assurance Policies and Processes (TBD)
References
Meier, J. D., Mackman, A., Dunner, M., Vasireddy, S.,
Escamilla, R., & Murukan, A. (2013). Improving web
application security: threats and countermeasures. Microsoft
Corporation, 3.
Lee, D. C., Crowley, P. J., Baer, J. L., Anderson, T. E., &
Bershad, B. N. (2008, April). Execution characteristics of
desktop applications on Windows NT. In ACM SIGARCH
Computer Architecture News (Vol. 26, No. 3, pp. 27-38). IEEE
Computer Society.
Avison, D. E., & Shah, H. U. (2007). The information systems
development life cycle: A first course in information systems.
McGraw-Hill.
1 posts
Re:Topic 8 DQ 2
Reflect on three of the articles you have chosen for the
literature review assignment. How will these articles help you
proceed from here?
Bashir, G. M., Khan, H. U., & Fournier-Bonilla, S. D. (2016).
Applying andragogy theory to an adult multicultural audience:
How cultural factors influence the capacity for adults to learn
information technology concepts in the classroom
environment. Proceedings for the Northeast Regional Decision
Sciences Institute (NEDSI), (pp. 1-15).
I found the research by Bashir, Khan, & Fournier-Bonilla
(2016) especially interesting as it really spoke to the
diversity aspect of college campuses today. Diversity is in the
form of gender, age, socioeconomic, and geographic.
Traditional pedagogy methods do not work with all learners and
faculty are being faced with teaching adults using an andragogy
theory. This article does continue on to talk about training
needs of full-time faculty, however doesn’t address the adjunct
population. This article is definitely one that I am going to
continue to research, it also had a tremendous amount of
sources that I can use.
Lopes-Murphy, S. A. (2014). Experiences in postsecondary
education that may lead to cultural intelligence: Exploring and
proposing practices. International Journal of Teaching and
Learning in Higher Education, 26(2), 287-296.
Lopes-Murphy (2014) was a very interesting article for me as it
was one of several that actually identified a gap that I could use
to further explore my topic of cultural intelligence’s impact on
engagement, specifically in regard to university faculty. This
article stated that only seven percent of BA graduates meet the
entry levels of cultural intelligence. The gap is that they
believe that the faculty may have something to do with it, and
that faculty members need to know their CQ levels as well. It
also suggests that CQ needs to be evaluated across all
departments, majors, and delivery methods. This article really
was the article that I needed to find. I will continue to search
for newer research studies that have referenced this author to
see if there are any new additional places and studies that I need
to review.
Elkhouly, S. M., & Amer, M. G. (2013). Examining the
relationship between cultural intelligence and conflict
resolution styles in the industrial sector in Egypt. Competition
Forum, 11(2), 140-153.
In this article Elkhouly & Amer (2013) conducted research on
Egyptian and English leaders and suggested that while gender
did not have any effect on cultural intelligence levels,
language skills did. What they suggested is that universities
use foreign language teachers to teach cultural intelligence
courses. Part of my study was going to compare teaching
delivery model (online, hybrid, or land based) as well as major
to see if there were any difference among CQ levels. The concern
that I have is that I am spreading my research out in too many
ways, so I need to narrow it down.
References:
Bashir, G. M., Khan, H. U., & Fournier-Bonilla, S. D. (2016).
Applying andragogy theory to an adult multicultural audience:
How cultural factors influence the capacity for adults to learn
information technology concepts in the classroom
environment. Proceedings for the Northeast Regional Decision
Sciences Institute (NEDSI), (pp. 1-15).
Lopes-Murphy, S. A. (2014). Experiences in postsecondary
education that may lead to cultural intelligence: Exploring and
proposing practices. International Journal of Teaching and
Learning in Higher Education, 26(2), 287-296.
Elkhouly, S. M., & Amer, M. G. (2013). Examining the
relationship between cultural intelligence and conflict
resolution styles in the industrial sector in Egypt. Competition
Forum, 11(2), 140-153.
1 posts
Re:Topic 8 DQ 1
Qualitative researchers can use questionnaires to collect data.
Suppose a qualitative researcher is interested in the behaviors of
physicians that have high ratings of patient satisfaction. The
research goal is to identify the behaviors of successful
physicians so that these behaviors can be built into the curricula
of medical preparation programs. The researcher undertakes a
case study and uses three instruments to gather data.
1. First, the researcher gives a likert-scale questionnaire to
patients of a select group of physicians to determine the
perceived behaviors that lend to higher levels of satisfaction.
2. Second, the researcher reviews video recordings of
physician-patient encounters from 10 physicians who have been
rated highly by patients in a reliable satisfaction survey.
3. Third, the researcher interviews patients to glean more detail
about physical behaviors that improve patient satisfaction.
How might these data be analyzed separately and then
triangulated as the researcher presents the results?
The likert scale data could be analyzed to determine which
behaviors the patients valued. For instance, they may have
valued the physician’s genuineness, sincerity, or candidness. They
may have also valued the physician’s ability or willingness to
explain conditions and their options to the patients. The
responses to the likert scale questions would yield valuable
information about the patient’s perspective that could be used.
The video recording could be coded to capture the physician’s
actions and the patient’s reactions. For instance, did the
physician explain the condition or the prescribed medications to
the patient or did they simply give administration instructions?
How did the patient respond to the encounter? Did they nod in
acknowledgement, did they ask clarifying questions, did they
scowl? These behavioral clues would give valuable information
about how the physician and the patient value the encounter.
The interviews would also give valuable information about the
patient’s perspective. The results could be coded and the
researcher could look for themes.
All of these sources should be analyzed separately and then
triangulated to determine if they come to the same conclusion.
In this case, Carter, Bryant-Lukosius, DiCenso, Blythe and
Neville (2014) note that this would be considered method
triangulation because the researcher used different methods to
collect the data before combining it. To operationalize
triangulation, Creswell (2014) recommends “examining
evidence from the sources and using it to build a coherent
justification for themes” (p. 201). For instance, looking at the
results from each method to determine if openness is present. If
openness is present in all three data sources, then it would
justify its inclusion as a theme. Combining the results from
different methods would give a fuller picture of the
phenomenon in question, in this case behaviors of successful
physicians (Virginia, 2014).
Carter, N., Bryant-Lukosius, D., DiCenso, A., Blythe, J., &
Neville, A. J. (2014). The Use of triangulation in qualitative
research. Oncology Nursing Forum, 41(5), 545-547.
doi:10.1188/14.ONF.545-547
Creswell, J. W. (2014). Research design: qualitative,
quantitative, and mixed methods approaches. (4th ed.). Los
Angeles, CA: Sage.
Virginia, W. (2014). Research methods: Triangulation. Evidence
Based Library And Information Practice, Vol 9, Iss 1, Pp 74-75
(2014), (1), 74.
1 posts
Re:Topic 8 DQ 1
Each of these methods focuses on a very different part of the
research process, and will therefore yield different results. The
nice thing about this is that it will be looking at many different
angles of the doctor-patient relationship, which will answer
questions regarding what it takes to be a physician that develops
a good relationship with patients and has high levels of patient
satisfaction. Researchers have found that the use of
triangulation is extremely helpful in medical research, because
it can bring clarity to the results (Tonkin-Crine et al., 2016).
For this particular instance, examining the likert-scale results
can bring insight into what behaviors that the doctors portrayed
or failed to portray brought higher results among the patients
surveyed. Video recordings could be coded for many things,
including observed body language and behaviors of both
patients and doctors of those who scored highly on the likert-
scale surveys. Personal interviews of the patients can clarify
some of the ratings and discover the reasoning behind certain
ratings, what was most valuable to the patient within the
interaction, and how they felt about certain behaviors. Using
triangulation to compare and combine all results would be an
effective method for adding to the understanding of what factors
lead to good relationships between patients and physicians, and
what things educational programs can implement in order to
better prepare doctors for work in the field.
Tonkin-Crine, S., Anthierens, S., Hood, K., Yardley, L., Cals, J.
L., Francis, N. A., & ... GRACE INTRO/CHAMP, c. (2016).
Discrepancies between qualitative and quantitative evaluation
of randomised controlled trial results: achieving clarity through
mixed methods triangulation. Implementation Science, 111-8.
doi:10.1186/s13012-016-0436-0
ch03Threat Modeling - Locking the Door to Vulnerabilities.ppt
gealehegn
 
JDi Data Claims Manager Overview
JDi Data Claims Manager OverviewJDi Data Claims Manager Overview
JDi Data Claims Manager Overview
jdidata
 

More from whitneyleman54422 (20)

In this unit, you will experience the powerful impact communication .docx
In this unit, you will experience the powerful impact communication .docxIn this unit, you will experience the powerful impact communication .docx
In this unit, you will experience the powerful impact communication .docx
whitneyleman54422
 
In this task, you will write an analysis (suggested length of 3–5 .docx
In this task, you will write an analysis (suggested length of 3–5 .docxIn this task, you will write an analysis (suggested length of 3–5 .docx
In this task, you will write an analysis (suggested length of 3–5 .docx
whitneyleman54422
 
In this SLP you will identify where the major transportation modes a.docx
In this SLP you will identify where the major transportation modes a.docxIn this SLP you will identify where the major transportation modes a.docx
In this SLP you will identify where the major transportation modes a.docx
whitneyleman54422
 
In this module the student will present writing which focuses attent.docx
In this module the student will present writing which focuses attent.docxIn this module the student will present writing which focuses attent.docx
In this module the student will present writing which focuses attent.docx
whitneyleman54422
 
In this module, we looked at a variety of styles in the Renaissa.docx
In this module, we looked at a variety of styles in the Renaissa.docxIn this module, we looked at a variety of styles in the Renaissa.docx
In this module, we looked at a variety of styles in the Renaissa.docx
whitneyleman54422
 
In this experiential learning experience, you will evaluate a health.docx
In this experiential learning experience, you will evaluate a health.docxIn this experiential learning experience, you will evaluate a health.docx
In this experiential learning experience, you will evaluate a health.docx
whitneyleman54422
 
In this essay you should combine your practice responding and analyz.docx
In this essay you should combine your practice responding and analyz.docxIn this essay you should combine your practice responding and analyz.docx
In this essay you should combine your practice responding and analyz.docx
whitneyleman54422
 
In this Discussion, pick one film to write about and answer ques.docx
In this Discussion, pick one film to write about and answer ques.docxIn this Discussion, pick one film to write about and answer ques.docx
In this Discussion, pick one film to write about and answer ques.docx
whitneyleman54422
 
In this assignment, you will identify and interview a family who.docx
In this assignment, you will identify and interview a family who.docxIn this assignment, you will identify and interview a family who.docx
In this assignment, you will identify and interview a family who.docx
whitneyleman54422
 
In this assignment, you will assess the impact of health legisla.docx
In this assignment, you will assess the impact of health legisla.docxIn this assignment, you will assess the impact of health legisla.docx
In this assignment, you will assess the impact of health legisla.docx
whitneyleman54422
 
In this assignment, you will create a presentation. Select a topic o.docx
In this assignment, you will create a presentation. Select a topic o.docxIn this assignment, you will create a presentation. Select a topic o.docx
In this assignment, you will create a presentation. Select a topic o.docx
whitneyleman54422
 
In this assignment, the student will understand the growth and devel.docx
In this assignment, the student will understand the growth and devel.docxIn this assignment, the student will understand the growth and devel.docx
In this assignment, the student will understand the growth and devel.docx
whitneyleman54422
 
In this assignment, I want you to locate two pieces of news detailin.docx
In this assignment, I want you to locate two pieces of news detailin.docxIn this assignment, I want you to locate two pieces of news detailin.docx
In this assignment, I want you to locate two pieces of news detailin.docx
whitneyleman54422
 
In this assignment worth 150 points, you will consider the present-d.docx
In this assignment worth 150 points, you will consider the present-d.docxIn this assignment worth 150 points, you will consider the present-d.docx
In this assignment worth 150 points, you will consider the present-d.docx
whitneyleman54422
 
In the readings thus far, the text identified many early American in.docx
In the readings thus far, the text identified many early American in.docxIn the readings thus far, the text identified many early American in.docx
In the readings thus far, the text identified many early American in.docx
whitneyleman54422
 
In the Roman Colony, leaders, or members of the court, were to be.docx
In the Roman Colony, leaders, or members of the court, were to be.docxIn the Roman Colony, leaders, or members of the court, were to be.docx
In the Roman Colony, leaders, or members of the court, were to be.docx
whitneyleman54422
 
In the provided scenario there are a few different crimes being .docx
In the provided scenario there are a few different crimes being .docxIn the provided scenario there are a few different crimes being .docx
In the provided scenario there are a few different crimes being .docx
whitneyleman54422
 
Stoichiometry Lab – The Chemistry Behind Carbonates reacting with .docx
Stoichiometry Lab – The Chemistry Behind Carbonates reacting with .docxStoichiometry Lab – The Chemistry Behind Carbonates reacting with .docx
Stoichiometry Lab – The Chemistry Behind Carbonates reacting with .docx
whitneyleman54422
 
Stock-Trak Portfolio Report Write-Up GuidelinesYou may want to.docx
Stock-Trak Portfolio Report Write-Up GuidelinesYou may want to.docxStock-Trak Portfolio Report Write-Up GuidelinesYou may want to.docx
Stock-Trak Portfolio Report Write-Up GuidelinesYou may want to.docx
whitneyleman54422
 
Stewart Guthrie, Faces in the Clouds Oxford UP, 1993.docx
Stewart Guthrie,  Faces in the Clouds  Oxford UP, 1993.docxStewart Guthrie,  Faces in the Clouds  Oxford UP, 1993.docx
Stewart Guthrie, Faces in the Clouds Oxford UP, 1993.docx
whitneyleman54422
 
In this unit, you will experience the powerful impact communication .docx
In this unit, you will experience the powerful impact communication .docxIn this unit, you will experience the powerful impact communication .docx
In this unit, you will experience the powerful impact communication .docx
whitneyleman54422
 
In this task, you will write an analysis (suggested length of 3–5 .docx
In this task, you will write an analysis (suggested length of 3–5 .docxIn this task, you will write an analysis (suggested length of 3–5 .docx
In this task, you will write an analysis (suggested length of 3–5 .docx
whitneyleman54422
 
In this SLP you will identify where the major transportation modes a.docx
In this SLP you will identify where the major transportation modes a.docxIn this SLP you will identify where the major transportation modes a.docx
In this SLP you will identify where the major transportation modes a.docx
whitneyleman54422
 
In this module the student will present writing which focuses attent.docx
In this module the student will present writing which focuses attent.docxIn this module the student will present writing which focuses attent.docx
In this module the student will present writing which focuses attent.docx
whitneyleman54422
 
In this module, we looked at a variety of styles in the Renaissa.docx
In this module, we looked at a variety of styles in the Renaissa.docxIn this module, we looked at a variety of styles in the Renaissa.docx
In this module, we looked at a variety of styles in the Renaissa.docx
whitneyleman54422
 
In this experiential learning experience, you will evaluate a health.docx
In this experiential learning experience, you will evaluate a health.docxIn this experiential learning experience, you will evaluate a health.docx
In this experiential learning experience, you will evaluate a health.docx
whitneyleman54422
 
In this essay you should combine your practice responding and analyz.docx
In this essay you should combine your practice responding and analyz.docxIn this essay you should combine your practice responding and analyz.docx
In this essay you should combine your practice responding and analyz.docx
whitneyleman54422
 
In this Discussion, pick one film to write about and answer ques.docx
In this Discussion, pick one film to write about and answer ques.docxIn this Discussion, pick one film to write about and answer ques.docx
In this Discussion, pick one film to write about and answer ques.docx
whitneyleman54422
 
In this assignment, you will identify and interview a family who.docx
In this assignment, you will identify and interview a family who.docxIn this assignment, you will identify and interview a family who.docx
In this assignment, you will identify and interview a family who.docx
whitneyleman54422
 
In this assignment, you will assess the impact of health legisla.docx
In this assignment, you will assess the impact of health legisla.docxIn this assignment, you will assess the impact of health legisla.docx
In this assignment, you will assess the impact of health legisla.docx
whitneyleman54422
 
In this assignment, you will create a presentation. Select a topic o.docx
In this assignment, you will create a presentation. Select a topic o.docxIn this assignment, you will create a presentation. Select a topic o.docx
In this assignment, you will create a presentation. Select a topic o.docx
whitneyleman54422
 
In this assignment, the student will understand the growth and devel.docx
In this assignment, the student will understand the growth and devel.docxIn this assignment, the student will understand the growth and devel.docx
In this assignment, the student will understand the growth and devel.docx
whitneyleman54422
 
In this assignment, I want you to locate two pieces of news detailin.docx
In this assignment, I want you to locate two pieces of news detailin.docxIn this assignment, I want you to locate two pieces of news detailin.docx
In this assignment, I want you to locate two pieces of news detailin.docx
whitneyleman54422
 
In this assignment worth 150 points, you will consider the present-d.docx
In this assignment worth 150 points, you will consider the present-d.docxIn this assignment worth 150 points, you will consider the present-d.docx
In this assignment worth 150 points, you will consider the present-d.docx
whitneyleman54422
 
In the readings thus far, the text identified many early American in.docx
In the readings thus far, the text identified many early American in.docxIn the readings thus far, the text identified many early American in.docx
In the readings thus far, the text identified many early American in.docx
whitneyleman54422
 
In the Roman Colony, leaders, or members of the court, were to be.docx
In the Roman Colony, leaders, or members of the court, were to be.docxIn the Roman Colony, leaders, or members of the court, were to be.docx
In the Roman Colony, leaders, or members of the court, were to be.docx
whitneyleman54422
 
In the provided scenario there are a few different crimes being .docx
In the provided scenario there are a few different crimes being .docxIn the provided scenario there are a few different crimes being .docx
In the provided scenario there are a few different crimes being .docx
whitneyleman54422
 
Stoichiometry Lab – The Chemistry Behind Carbonates reacting with .docx
Stoichiometry Lab – The Chemistry Behind Carbonates reacting with .docxStoichiometry Lab – The Chemistry Behind Carbonates reacting with .docx
Stoichiometry Lab – The Chemistry Behind Carbonates reacting with .docx
whitneyleman54422
 
Stock-Trak Portfolio Report Write-Up GuidelinesYou may want to.docx
Stock-Trak Portfolio Report Write-Up GuidelinesYou may want to.docxStock-Trak Portfolio Report Write-Up GuidelinesYou may want to.docx
Stock-Trak Portfolio Report Write-Up GuidelinesYou may want to.docx
whitneyleman54422
 
Stewart Guthrie, Faces in the Clouds Oxford UP, 1993.docx
Stewart Guthrie,  Faces in the Clouds  Oxford UP, 1993.docxStewart Guthrie,  Faces in the Clouds  Oxford UP, 1993.docx
Stewart Guthrie, Faces in the Clouds Oxford UP, 1993.docx
whitneyleman54422
 
Ad

Recently uploaded (20)

How to Manage Manual Reordering Rule in Odoo 18 Inventory
How to Manage Manual Reordering Rule in Odoo 18 InventoryHow to Manage Manual Reordering Rule in Odoo 18 Inventory
How to Manage Manual Reordering Rule in Odoo 18 Inventory
Celine George
 
MCQS (EMERGENCY NURSING) DR. NASIR MUSTAFA
MCQS (EMERGENCY NURSING) DR. NASIR MUSTAFAMCQS (EMERGENCY NURSING) DR. NASIR MUSTAFA
MCQS (EMERGENCY NURSING) DR. NASIR MUSTAFA
Dr. Nasir Mustafa
 
YSPH VMOC Special Report - Measles Outbreak Southwest US 5-14-2025 .pptx
YSPH VMOC Special Report - Measles Outbreak  Southwest US 5-14-2025  .pptxYSPH VMOC Special Report - Measles Outbreak  Southwest US 5-14-2025  .pptx
YSPH VMOC Special Report - Measles Outbreak Southwest US 5-14-2025 .pptx
Yale School of Public Health - The Virtual Medical Operations Center (VMOC)
 
IPL QUIZ | THE QUIZ CLUB OF PSGCAS | 2025.pdf
IPL QUIZ | THE QUIZ CLUB OF PSGCAS | 2025.pdfIPL QUIZ | THE QUIZ CLUB OF PSGCAS | 2025.pdf
IPL QUIZ | THE QUIZ CLUB OF PSGCAS | 2025.pdf
Quiz Club of PSG College of Arts & Science
 
Chemotherapy of Malignancy -Anticancer.pptx
Chemotherapy of Malignancy -Anticancer.pptxChemotherapy of Malignancy -Anticancer.pptx
Chemotherapy of Malignancy -Anticancer.pptx
Mayuri Chavan
 
Dastur_ul_Amal under Jahangir Key Features.pptx
Dastur_ul_Amal under Jahangir Key Features.pptxDastur_ul_Amal under Jahangir Key Features.pptx
Dastur_ul_Amal under Jahangir Key Features.pptx
omorfaruqkazi
 
How To Maximize Sales Performance using Odoo 18 Diverse views in sales module
How To Maximize Sales Performance using Odoo 18 Diverse views in sales moduleHow To Maximize Sales Performance using Odoo 18 Diverse views in sales module
How To Maximize Sales Performance using Odoo 18 Diverse views in sales module
Celine George
 
INDIA QUIZ FOR SCHOOLS | THE QUIZ CLUB OF PSGCAS | AUGUST 2024
INDIA QUIZ FOR SCHOOLS | THE QUIZ CLUB OF PSGCAS | AUGUST 2024INDIA QUIZ FOR SCHOOLS | THE QUIZ CLUB OF PSGCAS | AUGUST 2024
INDIA QUIZ FOR SCHOOLS | THE QUIZ CLUB OF PSGCAS | AUGUST 2024
Quiz Club of PSG College of Arts & Science
 
PUBH1000 Slides - Module 12: Advocacy for Health
PUBH1000 Slides - Module 12: Advocacy for HealthPUBH1000 Slides - Module 12: Advocacy for Health
PUBH1000 Slides - Module 12: Advocacy for Health
JonathanHallett4
 
Pope Leo XIV, the first Pope from North America.pptx
Pope Leo XIV, the first Pope from North America.pptxPope Leo XIV, the first Pope from North America.pptx
Pope Leo XIV, the first Pope from North America.pptx
Martin M Flynn
 
How to Add Button in Chatter in Odoo 18 - Odoo Slides
How to Add Button in Chatter in Odoo 18 - Odoo SlidesHow to Add Button in Chatter in Odoo 18 - Odoo Slides
How to Add Button in Chatter in Odoo 18 - Odoo Slides
Celine George
 
114P_English.pdf114P_English.pdf114P_English.pdf
114P_English.pdf114P_English.pdf114P_English.pdf114P_English.pdf114P_English.pdf114P_English.pdf
114P_English.pdf114P_English.pdf114P_English.pdf
paulinelee52
 
UPSA JUDGEMENT.pdfCopyright Infringement: High Court Rules against UPSA: A Wa...
UPSA JUDGEMENT.pdfCopyright Infringement: High Court Rules against UPSA: A Wa...UPSA JUDGEMENT.pdfCopyright Infringement: High Court Rules against UPSA: A Wa...
UPSA JUDGEMENT.pdfCopyright Infringement: High Court Rules against UPSA: A Wa...
businessweekghana
 
U3 ANTITUBERCULAR DRUGS Pharmacology 3.pptx
U3 ANTITUBERCULAR DRUGS Pharmacology 3.pptxU3 ANTITUBERCULAR DRUGS Pharmacology 3.pptx
U3 ANTITUBERCULAR DRUGS Pharmacology 3.pptx
Mayuri Chavan
 
How to Change Sequence Number in Odoo 18 Sale Order
How to Change Sequence Number in Odoo 18 Sale OrderHow to Change Sequence Number in Odoo 18 Sale Order
How to Change Sequence Number in Odoo 18 Sale Order
Celine George
 
Aerospace Engineering Homework Help Guide – Expert Support for Academic Success
Aerospace Engineering Homework Help Guide – Expert Support for Academic SuccessAerospace Engineering Homework Help Guide – Expert Support for Academic Success
Aerospace Engineering Homework Help Guide – Expert Support for Academic Success
online college homework help
 
Classification of mental disorder in 5th semester bsc. nursing and also used ...
Classification of mental disorder in 5th semester bsc. nursing and also used ...Classification of mental disorder in 5th semester bsc. nursing and also used ...
Classification of mental disorder in 5th semester bsc. nursing and also used ...
parmarjuli1412
 
How to Share Accounts Between Companies in Odoo 18
How to Share Accounts Between Companies in Odoo 18How to Share Accounts Between Companies in Odoo 18
How to Share Accounts Between Companies in Odoo 18
Celine George
 
IMPACT_OF_SOCIAL-MEDIA- AMONG- TEENAGERS
IMPACT_OF_SOCIAL-MEDIA- AMONG- TEENAGERSIMPACT_OF_SOCIAL-MEDIA- AMONG- TEENAGERS
IMPACT_OF_SOCIAL-MEDIA- AMONG- TEENAGERS
rajaselviazhagiri1
 
Rebuilding the library community in a post-Twitter world
Rebuilding the library community in a post-Twitter worldRebuilding the library community in a post-Twitter world
Rebuilding the library community in a post-Twitter world
Ned Potter
 
How to Manage Manual Reordering Rule in Odoo 18 Inventory
How to Manage Manual Reordering Rule in Odoo 18 InventoryHow to Manage Manual Reordering Rule in Odoo 18 Inventory
How to Manage Manual Reordering Rule in Odoo 18 Inventory
Celine George
 
MCQS (EMERGENCY NURSING) DR. NASIR MUSTAFA
MCQS (EMERGENCY NURSING) DR. NASIR MUSTAFAMCQS (EMERGENCY NURSING) DR. NASIR MUSTAFA
MCQS (EMERGENCY NURSING) DR. NASIR MUSTAFA
Dr. Nasir Mustafa
 
Chemotherapy of Malignancy -Anticancer.pptx
Chemotherapy of Malignancy -Anticancer.pptxChemotherapy of Malignancy -Anticancer.pptx
Chemotherapy of Malignancy -Anticancer.pptx
Mayuri Chavan
 
Dastur_ul_Amal under Jahangir Key Features.pptx
Dastur_ul_Amal under Jahangir Key Features.pptxDastur_ul_Amal under Jahangir Key Features.pptx
Dastur_ul_Amal under Jahangir Key Features.pptx
omorfaruqkazi
 
How To Maximize Sales Performance using Odoo 18 Diverse views in sales module
How To Maximize Sales Performance using Odoo 18 Diverse views in sales moduleHow To Maximize Sales Performance using Odoo 18 Diverse views in sales module
How To Maximize Sales Performance using Odoo 18 Diverse views in sales module
Celine George
 
PUBH1000 Slides - Module 12: Advocacy for Health
PUBH1000 Slides - Module 12: Advocacy for HealthPUBH1000 Slides - Module 12: Advocacy for Health
PUBH1000 Slides - Module 12: Advocacy for Health
JonathanHallett4
 
Pope Leo XIV, the first Pope from North America.pptx
Pope Leo XIV, the first Pope from North America.pptxPope Leo XIV, the first Pope from North America.pptx
Pope Leo XIV, the first Pope from North America.pptx
Martin M Flynn
 
How to Add Button in Chatter in Odoo 18 - Odoo Slides
How to Add Button in Chatter in Odoo 18 - Odoo SlidesHow to Add Button in Chatter in Odoo 18 - Odoo Slides
How to Add Button in Chatter in Odoo 18 - Odoo Slides
Celine George
 
114P_English.pdf114P_English.pdf114P_English.pdf
114P_English.pdf114P_English.pdf114P_English.pdf114P_English.pdf114P_English.pdf114P_English.pdf
114P_English.pdf114P_English.pdf114P_English.pdf
paulinelee52
 
UPSA JUDGEMENT.pdfCopyright Infringement: High Court Rules against UPSA: A Wa...
UPSA JUDGEMENT.pdfCopyright Infringement: High Court Rules against UPSA: A Wa...UPSA JUDGEMENT.pdfCopyright Infringement: High Court Rules against UPSA: A Wa...
UPSA JUDGEMENT.pdfCopyright Infringement: High Court Rules against UPSA: A Wa...
businessweekghana
 
U3 ANTITUBERCULAR DRUGS Pharmacology 3.pptx
U3 ANTITUBERCULAR DRUGS Pharmacology 3.pptxU3 ANTITUBERCULAR DRUGS Pharmacology 3.pptx
U3 ANTITUBERCULAR DRUGS Pharmacology 3.pptx
Mayuri Chavan
 
How to Change Sequence Number in Odoo 18 Sale Order
How to Change Sequence Number in Odoo 18 Sale OrderHow to Change Sequence Number in Odoo 18 Sale Order
How to Change Sequence Number in Odoo 18 Sale Order
Celine George
 
Aerospace Engineering Homework Help Guide – Expert Support for Academic Success
Aerospace Engineering Homework Help Guide – Expert Support for Academic SuccessAerospace Engineering Homework Help Guide – Expert Support for Academic Success
Aerospace Engineering Homework Help Guide – Expert Support for Academic Success
online college homework help
 
Classification of mental disorder in 5th semester bsc. nursing and also used ...
Classification of mental disorder in 5th semester bsc. nursing and also used ...Classification of mental disorder in 5th semester bsc. nursing and also used ...
Classification of mental disorder in 5th semester bsc. nursing and also used ...
parmarjuli1412
 
How to Share Accounts Between Companies in Odoo 18
How to Share Accounts Between Companies in Odoo 18How to Share Accounts Between Companies in Odoo 18
How to Share Accounts Between Companies in Odoo 18
Celine George
 
IMPACT_OF_SOCIAL-MEDIA- AMONG- TEENAGERS
IMPACT_OF_SOCIAL-MEDIA- AMONG- TEENAGERSIMPACT_OF_SOCIAL-MEDIA- AMONG- TEENAGERS
IMPACT_OF_SOCIAL-MEDIA- AMONG- TEENAGERS
rajaselviazhagiri1
 
Rebuilding the library community in a post-Twitter world
Rebuilding the library community in a post-Twitter worldRebuilding the library community in a post-Twitter world
Rebuilding the library community in a post-Twitter world
Ned Potter
 
Ad

Software Assurance CSS321Security Static Ana.docx

Software Assurance CSS321
Security Static Analysis Tools
John Doe Jr.
15 March 2017

Contents
Background
Product Overview
Departmental Organization
System Design Life Cycle
Desktop applications
Web Application and Database Application
Security in Nontraditional Development Models (New Content)
Summary of the major steps and potential threats
Policies and processes that reduce threats
Security Static Analysis Tools (TBD)
Software Assurance Policies and Processes (TBD)
References

Background
ABC is a software development company. It is a medium enterprise that has a wide range of clients from all over the country. The company has its headquarters in Miami, Florida and branches in the United States. The company is making plans to expand out of the United States, beginning with Mexico and Canada. ABC focuses on the development of custom-made application software. This means that most of the software created in the firm is specifically requested by the clients. However, some generic software is also created which can later be purchased by a client and re-engineered to fit their specific needs. The software assurance guidelines used by the company are specific to the type of software made. Desktop applications have different assurance specifications from web applications. The guidelines specified will be implemented from development all the way to the client organization. The software guidelines can only be effective when both the developers and the users adhere to them.

Product Overview
The company provides a number of software applications for the government. These applications include Account Pro, which is accounting software. It is desktop software and it is very optimal. The company also provides the government with a police record system. This application is web based and it relies heavily on the internet and the local area networks of the police stations. The application is optimized by a database that stores all of the information.

Departmental Organization
The firm is organized into four different departments. The first department deals with installation and maintenance of software. This is the after-sales services department. This department is vital in the company since software often requires patchwork and maintenance. The second department is the specifications research department. This department works hand in hand with the clients to determine the software that the clients require most, and it communicates these requirements to the development department, which is made up of developers who code and test the applications. The marketing and sales department ensures that the company has good public relations and stays relevant among the clients.

System Design Life Cycle
The system design life cycle that is used in the organization is quite traditional and standard. The first phase is planning and information gathering. In this phase the system requirements are gathered and information is gathered from the users. In the next phase, this information is organized and a system is proposed that will be able to solve the problems. Next is the design phase, where the coding is done to develop the system. After coding, the system is taken into testing and debugging. If it is optimal, it is taken into the implementation phase, where it is introduced to the clients. Maintenance is the last phase; it requires updates and patches, which leads back to the first stage, and so it becomes a cycle (Avison and Shah, 2007).

Software Assurance Techniques
The guidelines are applied in the phases by ensuring that the specifications gathered are exactly what the client wants. The system design and coding are optimized by debugging and testing, and the people who will be in contact with the system are supposed to be trained in the implementation phase so that they are able to use the system optimally and avoid performing tasks that may be detrimental to the application.

ABC Company produces software that is consumed by the United States government. The company produces desktop, web and database applications. The software that the company produces will be analyzed in this section to determine the security and performance risks associated with all of these applications, as well as the possible implications that these risks may have for the clients. For each risk, techniques for software assurance will be proposed, along with how these techniques can be applied to ensure that the application is optimized at all times.

Desktop applications
ABC Company offers a wide range of desktop applications. However, the most robust of all the applications that have been sold to the government is the Account Pro application. This is software that is installed on a workstation computer, and it enables the user to perform complex accounting functions rather easily. However, the person operating it must have both accounting and information technology knowledge in order to use the software well. The software does not do all the accounting independently, and it requires the expertise of an accountant to function best.

The application has all the characteristics of a desktop application. This means that it is at a lower risk of intrusion from the internet and other forms of attacks. However, it is still cumbersome to install and maintain, because maintenance and installation have to be done independently on every workstation. The ease of access is also reduced, since the user has to move to the physical location of the computer with the application in order to access it (Lee et al., 2008). This makes the use of desktop applications unfavorable due to their cumbersome nature. However, the application is very robust and optimized as far as security is concerned. Guidelines such as the use of user authentication have been put in place to make sure that unauthorized users do not get access to the application.

The main threat that the clients face while using this application, however, is not from third party intrusion but rather from it becoming outdated (Lee et al., 2008). This can reduce the general productivity of the application, making it harder for it to be used to solve most if not all of the accounting problems of the client. This will make it inefficient. The application can become outdated and, after five to 10 years, it will no longer satisfy the organization needs that had been identified.
Thus, to mitigate this threat, regular maintenance is done on the application and any new requirements are added to the application. This maintenance and patchwork is an after-sales service that the government is happy to pay for.

Web Application and Database Application
The web applications sold by the company are often optimized by a database, thus making them two in one. The developers prefer the PHP platform to develop these web based applications, and the database server most used is SQL. The two platforms work well together once linked to create an optimal application. The company sold a web based application to the police department in south Miami that has helped them keep records of the statements made by the public and the arrests that have been made on these statements. This system has also helped them keep a record of the development of these cases. Such a system is easier to use than a desktop application, since it can be accessed from anywhere as long as the user has an internet connection and access to the police local area network. It is also easier to install and maintain, since the installation is done on a central server and all the users access it in a client-server architecture. This means that the users access it through a web browser (Meier et al., 2013).

However, this application comes with a high risk of third party intrusion. This means that the application can be accessed by an unauthorized third party. Such access can cause the organization of the client to be vulnerable and their records to be tampered with. This can cause unprecedented losses. To handle this, the application has user authentication and user accounts with logs to help monitor the activities of each user and identify unusual activity. However, the LAN in the police department also needs to be optimized with firewalls and honeypots (Meier et al., 2013) to ensure that any third party that tries to access the network, and thus the application, through hacking or cracking is not able to do so.

Another threat that the clients may experience is the need for scaling.
The records will increase in number and, with time, the department will require a larger database with a larger capacity to hold all the records available. This scaling is done through maintenance by slowly expanding the database as the requirements of the user increase. The functionality of the application is also updated regularly.
Security in Nontraditional Development Models (New Content)
Software security involves combining several strategies to develop integrity, privacy, availability, usability and confidentiality. There are various non-traditional development models that can be used to achieve these objectives, and various ways to reduce security threats using agile development models such as Scrum. ABC Corporation will use the Scrum methodology. Scrum provides a firm with freedom to execute most operations. One of its most important aspects is the elimination of a regular manager. The following is an overview of the important concepts involved in the model (Avison and Shah, 2007).
Summary of the major steps and potential threats
The Scrum team has three roles. The first is the Product Owner, who represents the stakeholders and clients. The Scrum Master, on the other hand, helps in eliminating problems, while the Developers have the skills to transport products within the system. Stories are the needs stated from the perspective of the clients. The Product Backlog is a list of requirements, stories, and objects that need completion so that they can provide the end product. Tasks and subtasks represent steps created based on backlog items. In sprint planning, the members of the team select the objects from the backlog that need to be finished in the subsequent sprint (Lee et al., 2008). The Sprint works as the platform in which tasks are completed. It is during the sprints that items are redefined, deleted or added. The Daily Scrum is where team members meet to discuss the previous achievements and focus on the upcoming activities. The definition of done is a criterion to examine whether items
are ready after a test is performed. The sprint review occurs at the final stage; the teams check for any issues that emerged after completion of every sprint (Avison and Shah, 2007). The sprint retrospective is where the members of the team look at the final product and do reviews. It is at this point that members can reflect on the activities and make suggestions for further developments.
This is a summary of the steps involved in the Scrum operation. First, the Product Owner develops a wish list known as a product backlog. Secondly, in sprint planning, the team takes the top priorities from the wish list and describes the ways of implementing the pieces. Thirdly, the team takes a period of time, such as four weeks, to ensure completion of the task. It is important to understand that the team will have daily meetings to ensure there is satisfactory progress. The Scrum Master has the function of making sure the team focuses on the primary goal (Meier et al., 2013). At the end of the sprint, the task will be completed and can be transported to the clients or presented to the stakeholders for assessment. In the end, there will be a sprint review and a retrospective.
When dealing with Scrum there are various security threats. For instance, in each Sprint approach, there are issues with security flaws that might allow hackers to access the crucial information of the company. In this case, there is a need to employ experts to help in the management of the risks. Another mitigation strategy is the addition of extra testers to perform regular checkups on the system. Another risk that might occur is the lack of enough time to address potential security threats. An example of a risk is the emergence of viruses that might adversely affect critical information. In such a case the clients will be informed of the occurrence of the issue and a way will be sought to stop any further destruction by the virus.
The firm will also have to commit other resources to address the problem (Lee et al., 2008). In summary, if a threat is critical, there will be a need to carry out an urgent action. The critical issue will have to be dealt with on a daily basis to ensure there are effective measures in place to stop the threat. The organization members will have to notify the senior management of the risk. On the other hand, when the issue is minimal, the review of the system would be carried out quarterly.
Policies and processes that reduce threats
There are various security regulations provided to minimize risks. The first activity is the development of artifacts. They include security architecture, the definition of security threats, risk analysis, and the process of setting guidelines to reduce the effects of the risks. ABC Company should have a group of security developers that will be in charge of maintaining security; this is crucial because duties will be delegated to the members of the team and a single individual will not perform many tasks (Meier et al., 2013). First, there is a need to provide training on particular technologies like database engines, frameworks, and operating systems. Secondly, to reduce threats, there should be a proper review of the interface, code and test cases. Another policy that is critical to the reduction of security threats is to utilize security testing to ensure everything is secure. The other process is the establishment of safety audits at any particular time in the project. Finally, reviews are developed after completion of objects in the backlog and time checks are developed at control points.
Security Static Analysis (TBD)
Okay, these are the things I need. Please begin on this page and add 5-6 pages for this section. Come up with an application that ABC company may use and prepare a design for the application. So, prepare a design for the application. Use appropriate diagrams to identify the major components of the application. Describe the major components of the application
and security issues that may arise with it relative to the security development model. Create code. It can be C++, Java or C code; just be sure to include the code for the application in this document. If you have any questions, let me know. Remember, I need at least 5 pages.
· Prepare a design for an application your organization might produce.
· Include appropriate diagrams to identify the major components of the application.
· Describe the major components and potential security issues where appropriate and as related to the security development model.
· Create code samples in C, C++, or Java to illustrate the tenets of the security development model.
· Identify at least 3 security static-analysis tools, and prepare guidelines for how they would be used in the sample code and throughout the software development in the company.
Software Assurance Policies and Processes (TBD)
References
Meier, J. D., Mackman, A., Dunner, M., Vasireddy, S., Escamilla, R., & Murukan, A. (2013). Improving web application security: threats and countermeasures. Microsoft Corporation, 3.
Lee, D. C., Crowley, P. J., Baer, J. L., Anderson, T. E., & Bershad, B. N. (2008, April). Execution characteristics of desktop applications on Windows NT. In ACM SIGARCH Computer Architecture News (Vol. 26, No. 3, pp. 27-38). IEEE Computer Society.
Avison, D. E., & Shah, H. U. (2007). The information systems development life cycle: A first course in information systems. McGraw-Hill.

Re: Topic 8 DQ 2
Reflect on three of the articles you have chosen for the literature review assignment. How will these articles help you
proceed from here?
Bashir, G. M., Khan, H. U., & Fournier-Bonilla, S. D. (2016). Applying andragogy theory to an adult multicultural audience: How cultural factors influence the capacity for adults to learn information technology concepts in the classroom environment. Proceedings for the Northeast Regional Decision Sciences Institute (NEDSI), (pp. 1-15).
I found the research by Bashir, Khan, & Fournier-Bonilla (2016) especially interesting as it really spoke to the diversity aspect of college campuses today. Diversity is in the form of gender, age, socioeconomic, and geographic. Traditional pedagogy methods do not work with all learners and faculty are being faced with teaching adults using an andragogy theory. This article does continue on to talk about training needs of full-time faculty, however doesn’t address the adjunct population. This article is definitely one that I am going to continue to research; it also had a tremendous amount of sources that I can use.
Lopes-Murphy, S. A. (2014). Experiences in postsecondary education that may lead to cultural intelligence: Exploring and proposing practices. International Journal of Teaching and Learning in Higher Education, 26(2), 287-296.
Lopes-Murphy (2014) was a very interesting article for me as it was one of several that actually identified a gap that I could use to further explore my topic of cultural intelligence’s impact on engagement, specifically in regard to university faculty. This article stated that on seven percent of BA graduates meet the entry levels of cultural intelligence. The gap is that they believe that the faculty may have something to do with it, and that faculty members need to know their CQ levels as well. It also suggests that CQ needs to be evaluated across all departments, majors, and delivery methods. This article really was the article that I needed to find.
I will continue to search for newer research studies that have referenced this author to see if there are any new additional places and studies that I need to review.
Elkhouly, S. M., & Amer, M. G. (2013). Examining the relationship between cultural intelligence and conflict resolution styles in the industrial sector in Egypt. Competition Forum, 11(2), 140-153.
In this article Elkhouly & Amer (2013) conducted research on Egyptian and English leaders and suggested that while gender did not have any effect on cultural intelligence levels, language skills did. What they suggested is that universities use foreign language teachers to teach cultural intelligence courses. Part of my study was going to compare teaching delivery model (online, hybrid, or land based) as well as major to see if there were any difference among CQ levels. The concern that I have is that I am spreading my research out in too many ways, so I need to narrow it down.
References:
Bashir, G. M., Khan, H. U., & Fournier-Bonilla, S. D. (2016). Applying andragogy theory to an adult multicultural audience: How cultural factors influence the capacity for adults to learn information technology concepts in the classroom environment. Proceedings for the Northeast Regional Decision Sciences Institute (NEDSI), (pp. 1-15).
Lopes-Murphy, S. A. (2014). Experiences in postsecondary education that may lead to cultural intelligence: Exploring and proposing practices. International Journal of Teaching and Learning in Higher Education, 26(2), 287-296.
Elkhouly, S. M., & Amer, M. G. (2013). Examining the relationship between cultural intelligence and conflict resolution styles in the industrial sector in Egypt. Competition Forum, 11(2), 140-153.

Re: Topic 8 DQ 1
Qualitative researchers can use questionnaires to collect data. Suppose a qualitative researcher is interested in the behaviors of physicians that have high ratings of patient satisfaction. The
research goal is to identify the behaviors of successful physicians so that these behaviors can be built into the curricula of medical preparation programs. The researcher undertakes a case study and uses three instruments to gather data.
1. First, the researcher gives a Likert-scale questionnaire to patients of a select group of physicians to determine the perceived behaviors that lend to higher levels of satisfaction.
2. Second, the researcher reviews video recordings of physician-patient encounters from 10 physicians who have been rated highly by patients in a reliable satisfaction survey.
3. Third, the researcher interviews patients to glean more detail about physical behaviors that improve patient satisfaction.
How might these data be analyzed separately and then triangulated as the researcher presents the results?
The Likert scale data could be analyzed to determine which behaviors the patients valued. For instance, they may have valued the physician’s genuineness, sincerity, or candidness. They may have also valued the physician’s ability or willingness to explain conditions and their options to the patients. The responses to the Likert scale questions would yield valuable information about the patient’s perspective that could be used. The video recording could be coded to capture the physician’s actions and the patient’s reactions. For instance, did the physician explain the condition or the prescribed medications to the patient or did they simply give administration instructions? How did the patient respond to the encounter? Did they nod in acknowledgement, did they ask clarifying questions, did they scowl? These behavioral clues would give valuable information about how the physician and the patient value the encounter. The interviews would also give valuable information about the patient’s perspective. The results could be coded and the researcher could look for themes.
All of these sources should be analyzed separately and then triangulated to determine if they come to the same conclusion. In this case, Carter, Bryant-Lukosius, DiCenso, Blythe and Neville (2014) note that this would be considered method
triangulation because the researcher used different methods to collect the data before combining it. To operationalize triangulation, Creswell (2014) recommends “examining evidence from the sources and using it to build a coherent justification for themes” (p. 201). For instance, looking at the results from each method to determine if openness is present. If openness is present in all three data sources, then it would justify its inclusion as a theme. Combining the results from different methods would give a fuller picture of the phenomenon in question, in this case behaviors of successful physicians (Virginia, 2014).
Carter, N., Bryant-Lukosius, D., DiCenso, A., Blythe, J., & Neville, A. J. (2014). The Use of triangulation in qualitative research. Oncology Nursing Forum, 41(5), 545-547. doi:10.1188/14.ONF.545-547
Creswell, J. W. (2014). Research design: qualitative, quantitative, and mixed methods approaches. (4th ed.). Los Angeles, CA: Sage.
Virginia, W. (2014). Research methods: Triangulation. Evidence Based Library And Information Practice, Vol 9, Iss 1, Pp 74-75 (2014), (1), 74.

Re: Topic 8 DQ 1
Qualitative researchers can use questionnaires to collect data. Suppose a qualitative researcher is interested in the behaviors of physicians that have high ratings of patient satisfaction. The research goal is to identify the behaviors of successful physicians so that these behaviors can be built into the curricula of medical preparation programs. The researcher undertakes a case study and uses three instruments to gather data.
1. First, the researcher gives a Likert-scale questionnaire to patients of a select group of physicians to determine the perceived behaviors that lend to higher levels of satisfaction.
2. Second, the researcher reviews video recordings of physician-patient encounters from 10 physicians who have been
rated highly by patients in a reliable satisfaction survey.
3. Third, the researcher interviews patients to glean more detail about physical behaviors that improve patient satisfaction.
How might these data be analyzed separately and then triangulated as the researcher presents the results?
Each of these methods focuses on a very different part of the research process, and will therefore yield different results. The nice thing about this is that it will be looking at many different angles of the doctor-patient relationship, which will answer questions regarding what it takes to be a physician that develops a good relationship with patients and has high levels of patient satisfaction. Researchers have found that the use of triangulation is extremely helpful in medical research, because it can bring clarity to the results (Tonkin-Crine et al., 2016). For this particular instance, examining the Likert-scale results can bring insight into what behaviors that the doctors portrayed or failed to portray brought higher results among the patients surveyed. Video recordings could be coded for many things, including observed body language and behaviors of both patients and doctors of those who scored highly on the Likert-scale surveys. Personal interviews of the patients can clarify some of the ratings and discover the reasoning behind certain ratings, what was most valuable to the patient within the interaction, and how they felt about certain behaviors. Using triangulation to compare and combine all results would be an effective method for adding to the understanding of what factors lead to good relationships between patients and physicians, and what things educational programs can implement in order to better prepare doctors for work in the field.
Tonkin-Crine, S., Anthierens, S., Hood, K., Yardley, L., Cals, J. L., Francis, N. A., & ... GRACE INTRO/CHAMP, c. (2016).
Discrepancies between qualitative and quantitative evaluation of randomised controlled trial results: achieving clarity through mixed methods triangulation. Implementation Science, 111-8. doi:10.1186/s13012-016-0436-0