Question

With limited management resources available and the pressure to deploy new business
solutions quickly, measuring productivity in systems development often becomes a low priority
for many organizations. IT departments at smaller companies in particular seem reluctant to
institute policies to track the performance of development projects. Some companies,
however, have been forced to adopt productivity measurement methods, and are reaping
rewards for doing so. For example, national retailer Belk Inc. had to adopt productivity metrics
as a means of reducing devastating system failures. Aubrey, the veteran IT consultant that
Belk hired, was used to nursing client organisations through crashes that periodically downed
their systems. But nothing had prepared Aubrey for the failure rate at Belk. Soon after joining
the company as senior VP for systems development, Aubrey discovered that Belk’s batch
systems went down an astounding 800 times a month. The Charlotte, North Carolina, outfit, a
private company with estimated annual revenue of $1.7 billion, paid a heavy price for the
constant bandaging: In 1997, Belk spent $1.1 million of its $30 million IT budget on unplanned
maintenance. To steady the systems, Aubrey instituted a series of tracking measures.
Programmers began logging their time. Required software functions were carefully counted in
application development projects. Belk compared its cycle time, defect rates, and productivity
with competitors’ figures. And systems managers were required to draw up blueprints for
reducing the crashes—with the results reviewed in their performance evaluations. The
transition to tracking the IT department’s performance was painful but worthwhile. Belk’s
systems became more stable—monthly disruptions dropped to 480 incidents, a figure Aubrey hopes to slash by another 30 percent. Unplanned maintenance costs also have been brought
under control, with initial cuts in unplanned maintenance expenses of $800,000.
Discuss the basic steps in the traditional systems development life cycle?

Answer 1

The traditional system development life cycle that has been a part of the organizations nowadays when the times are too rough for the developers and also the architects to study the cases and then start working on the projects also, as the years are passing by, security is growing as one of the most effective fields in the history of computers. There is a need of getting each one of the things secured with the help of internet security with ethical actions. There are many things happening on the web and promising safety without taking any tough measures is one of the impossible tasks nowadays. Hence, companies and individuals have moved to security tools and technologies to keep their information safe while connected to the internet. The steps in development life cycles are as follows:

• Preparing:
  • One must always prepare for the risks and also keep the systems checked for the vulnerabilities.
  • The best approach is to plan and make changes to the system as soon as the updates are launched to a particular system.
  • The planning must work accordingly so that the risks are being minified at the user's end.
• Verifying & Eliciting:
  • Verifying each & every potential risk in the system and if found critical then eliciting the risk will ensure that the risks are eliminated properly.
  • The elimination of the risks is also being done on a certain level so that there are no further risks remaining in the system to check.
• Analyzing gaps & Evaluating:
  • Analyzing for risks is the major activities that must be taken on the developing end because if a risk is analyzed in the earlier stage it is less destructive for the system.
  • Evaluating the level of the risks also become important for the users so as to make the risks less effective on the systems.

Also, we have access to analyzing the security policies that must be faced before launching any of the projects we must maintain the policies intact. They are as follows:

1. Knowing The Risks:
   • It is the most important part while creating security policies to know what risks are there in the system.
   • How the information is been manipulated at the client as well as the server end. Hence, making the process more secure as data is the part for which security is always compromised.
2. Knowing The Wrongs Done By Others:
   • Knowing that the organizations who have been gone through the certain risks which reside in your system. Learning from the mistakes made by others is always the most effective way of setting guidelines.
   • The guidelines to the security policy consist of the most probable wrong things that each and every organization with similar risks are been doing.
3. Keeping Legal requirements in mind:
   • Many times organizations completely forget about the legal requirements that are been required by the officials.
   • Hence, keeping the legal jurisdictions, data holdings and the location in which you reside is also most important.
   • Recently, this has been the case with Facebook's most controversial data theft.
4. Setting the level of security:
   • The level of the security that is been planned must always be kept in mind with the level of risks that are been residing in the system.
   • Excessive security in the system can also cause hindrance to the smooth business operations and hence, overprotecting oneself can also be a cause to the problem.
5. Training Employees Accordingly:
   • The training of the employees in a certain part of the security is also a major part of the security policy as the employees are the one who makes mistake.
   • So, if one trains their employee in such an order that they minimize the mistakes that are been made it will become great for the system.

Hence, these are the guidelines for creating an effective and functional security policy and also the development life cycle must end after the security and risk management has been confirmed.