Question

The Delta Insurance Company is having a policyholder subsystem which has started giving trouble. Over the years, the application evolved from using fixed length, multi-record type files to using a hierarchic database to using a relational database. The programs did not change much, but the data structures changed radically. Program code was patched to provide for the new data structure. The amount of people-time allocated to policyholder maintenance grew 15% per year over the last five years and is now costing as much per year as it did in 1980 to develop the original application. No one ever considered reevaluating the subsystem for redevelopment, but they would like to now. Upon inspection, the documentation was found to be up-to-date and includes flow charts and data flow diagrams. There are no current diagrams of the data structure. There are also no historical files of decisions or of changes. Apply the concepts of change management to discuss how should the company get this application in order? What type( s) of maintenance should they consider for the next set of changes?

Answer 1

How to get back application in order? What type( s) of maintenance should they consider for the next set of changes?

• To get the application back in order, first of all, we would require to hold back all the available code and start re-evaluation of the whole codes of the application and record back all the things that are noted to be useful for reinstating the application.
• Next step would be to gather all the information from the code and all the things related to the application and try to build up the data structures and all the use case diagrams using all these information putting up a good workforce on this work.
• Making the application back would be tough as people would have to understand the database and its interaction with the application along with the interference of multiple modules of the applications and as mentioned above in the scenario that the application was being developed during the old time the technology used is also outdated.
• Hence, it will become tougher for the developers to understand the old use of the functions and it will take time to enhance the code and to make the code as per the modern technology the developers would also have to look after the cybersecurity concepts and also enable them in the application.
• This will be the most important step and factor, in order to reinstate the application security, will play a major role in getting the application up to date. Hence, security will play a major role in the maintenance and next set of changes in the applications.
• The next steps for the maintenance and development of the tools would be as follows:
  • Collecting Information:
    • The collection of information is one of the major parts that plays in the security of the organization. The URL of the target must be accessible to gain information.
    • Information caught in wrong hands can turn out to be chaos for any organization. Hence, information must always be safeguarded with levels of security.
  • Risk Profiling:
    • Checking the website for each and every type of risks/threats is a very important task and must be carried on with each and every module of the organization's availability in the internet space.
    • There must be things carried out like:
      • Automated threat scanning
      • Penetration Testing
      • Black Box Testing of the source codes
      • Assigning Risk Ratings to the Security Flaws
      • Reporting to higher Authorities
  • Updating Technology:
    • In the current world scenario, it has become very important to update the technologies that are been actively used and must be balanced accordingly.
    • The use of older versions will come with a bunch of vulnerabilities and threats along with the destruction of certain aspects of the organization.
  • Application Fingerprinting:
    • In an organization, there are certain things that must be checked for the known vulnerabilities and exposures. If there, one must always keep it the priority to overcome certain threats in order to run the organization smoothly.
    • The application fingerprinting consists of different levels of assessment. Here are some of the different scopes:
      • Defining Objectives
      • Devising Strategy to overcome threats
      • Role-Based Access Control Matrix
      • Choosing Appropriate Security Tools

Hence, these are the steps in which the reinstating of the application can be successfully carried out.