
SOFTWARE ISSUES: RISKS & LIABILITIES
UNIT 5, BU1173
TEXTBOOK: CHAPTER 8 (Kizza, 2023, pp. 161-171)

Definition: Software
Software is a set of computer programs made up of a sequence of short commands called instructions that tell the computer what to do. individual or a company.
Normally, software is in two forms:
- ROM (read-only memory): built into the computer’s more permanent memory
- RAM (random access memory): loaded on demand at runtime in less permanent but more volatile memory called

Definition: Software Producer
A software producer, or developer, creates or develops a set of programs to meet the specifications of a user, if there is a contract, or of a specific problem if it is a general software. Developers are either individuals working alone or companies such as Microsoft, which employs hundreds of software engineers including analysts and programmers.

Definition: Software Buyers
Software buyers, or customers, obtain the finished software from the developer to satisfy a need, basing their decision on developer claims.

Standards
Software developers must convey to buyers’ satisfaction that their products are of high quality. The buyer, however, has little leverage in disputing the claims of the developer in these areas because there is no single universally acceptable and agreed upon measure of software standards.

But!!!
But there are universal basic standards that a software product must meet. Such standards include the mutually agreed upon criteria and expectations of the buyer. In this case, the law imposes such standards, and if the product does not live up to them, the buyer has the right to pursue legal action.
A quick look back at Intellectual Property Rights…

Copyright Laws for Software

Patent Laws for Software
- Used to protect the creation of an idea, and the implementation of that idea into actual use
- Patents for technology usually involve hardware of some kind, and are not usually suitable for software

Trademarks for Software
- Not an effective way to protect computer programs
- Useful only if the creator of the software owns a company where a trademark is applicable
- Consider Microsoft Windows as an example

Trade Secrets for Software
- Very effective when used to protect the concept that software or computer programs are based on.

Software Security
- Computer software now stores the majority of the vital information that companies, and society, need to function.
- The security of software also depends on the security of the hardware being used.

Important Term!
Security Breach - any incident that results in unauthorized access of data, applications, services, networks and/or devices, by bypassing their underlying security mechanisms.

Risk Assessment & Management
- In order to assess the security of software, system managers need to assess potential risks during the design phase when creating software, and the use phase
- Two key components of assessing risk in software are assessment and control
- Both components must be evaluated, with documentation to prove they have conducted the evaluations, and possible consequences of possible risks and accidents

Glitches, Flaws, & Weaknesses
- In order to properly assess risk, software creators need to try and identify, and predict, a system’s vulnerabilities
- This can be difficult to do when the capabilities of technology advance constantly, and in ways that aren’t always predictable

1 Standards in Software Development
Standards: Software developers must convey to buyers’ satisfaction that their products are of high quality.
The buyer, however, has little leverage in disputing the claims of the developer in these areas because there is no single universally acceptable and agreed upon measure of software standards.

2 Development Testing
Development testing consists of a series of random tests on the software during the development stage. However, the use of mathematical techniques in developmental testing does not ensure error-free code.

3 Verification and Validation
The process of verification and validation (V&V) involves static formal mathematical techniques such as proof of correctness and dynamic techniques such as testing to show consistency between the code and the basic initial specifications.

Reliability and Security
Reliability: Reliability of software is the probability that such software does not encounter an input sequence that leads to failure. A software product is reliable if it can continue to function on numerous unpredictable input sequences.
Security: Software security is an integral part of a computer system, and the security of such a system depends on its hardware but even more so on the software component.

Safety and Quality
1 Safety: A software system is unsafe if a condition is created whereby there is a likelihood of an accident, a hazard, or a risk.
2 Quality: A software product has quality if it maintains a high degree of excellence in standards, security, safety, and dependability.

Quality of Service and Causes of Software Failures
- Reliability: Consistent and dependable service delivery
- Security: Protected and secure service environment
- Safety: Safe and reliable service performance

Human Factors and Nature of Software: Complexity
Human Factors: Poor software performance can be a result of memory lapses, rush to finish, overconfidence, malice, and complacency.
Nature of Software: Software programming presents billions of possible outcomes on the same input sequence, making it difficult to test and prone to errors.
Risk in Software
1 Risk: Software risks have causes and effects, including poor software design, mismatch of hardware–software interfaces, and unrealistic schedules and budgets.

Understanding the Concept of Risk
Risk: Risk can be defined as the potential or possibility of suffering harm or loss—danger, in short.
Causes and Effects: Software risks have causes and effects, including poor software design, mismatch of hardware–software interfaces, and unrealistic schedules and budgets.

RECENT DATA BREACHES 2015-PRESENT

The Story Behind The Hack That Wreaked Havoc on Hollywood - The Vault

Types of Computer System Attacks

Penetration
- Involves breaking into a computer system to gain illegal access to cyberspace content and resources
- Gives the intruder the ability to alter data files, change data, plant viruses, or install damaging programs
- Can be done from within a network, or from outside (hacking!)

Denial of Service Attacks
- DOS for short – newer form of attack
- This type of attack does not alter or destroy data; it affects a system’s ability to function
- Computer systems that are attacked in this manner can then be used to attack other computer systems
- Can also be accomplished from within or outside a network

Baby Monitor Breach

Another look at cybercrime motives…
- Political Activism
- Vendetta
- Joke/Hoax
- Hacker’s Ethics
- Terrorism/Extortion
- Espionage: Political & Military, Business & Industrial
- Hate
- Personal Gain/Fame/Fun

Top 10 Infamous Anonymous Hacks

How are cybercrime victims affected?
- Psychological Effects: Fear, hate, seclusion and isolation
- Moral Decay: Bad behavior being accepted as “normal”
- Loss of Privacy: Tighter network security = less privacy
- Loss of Trust: Loss of faith in people, systems, organizations, etc.
References

IMAGES
- https://pixabay.com/
- https://www.freepik.com/
- wikipedia.com
- psychologytoday.com

REFERENCES
- PPT adapted from: Kizza, Chapter 8
- https://en.wikipedia.org/wiki/Ashley_Madison_data_breach
- https://www.csoonline.com/article/2130877/the-biggest-databreaches-of-the-21st-century.html
