Bibliographic details
Year of defense: 2024
Main author: Gatto, Dacyr Dante de Oliveira
Advisor: Sassi, Renato José
Examination committee: Sassi, Renato José; Lopes, Fábio Silva; Sátyro, Walter Cardoso; Costa, Ivanir; Pinto, Luiz Fernando Rodrigues
Document type: Thesis
Access type: Open access
Language: por
Defending institution: Universidade Nove de Julho
Graduate program: Programa de Pós-Graduação em Informática e Gestão do Conhecimento
Department: Informática
Country: Brazil
Keywords in Portuguese:
Keywords in English:
CNPq knowledge area:
Access link: http://bibliotecatede.uninove.br/handle/tede/3507
Abstract:
The Software Development Life Cycle (SDLC) is a development process approach that spans from the conception to the maintenance of the final software product. The software requirements specification is a crucial phase of the SDLC, involving the identification of functional and non-functional requirements. Failures in this phase can lead to organizational issues such as information security problems. A development process approach that encompasses information security is the Secure Software Development Life Cycle (S-SDLC), which integrates security into all phases of software development, although it may not cover all activities of each phase of the cycle. Standards considered references for information security, such as ISO/IEC 27001 and ISO/IEC 27002, and frameworks like NIST Cybersecurity Framework (CSF), CIS Critical Security Controls, MITRE ATT&CK, and OWASP Secure Coding Practices (OWASP SCP), support this comprehensiveness, especially if integrated into an architecture. The literature highlights the importance of an architecture that integrates information security standards and frameworks addressing failures in the specifications of functional and non-functional requirements across all activities in the S-SDLC, without overburdening software development. Thus, the aim of this work was to develop and apply an Integrated Architecture of Standards and Frameworks for Secure Software Development to support the identification of failures in specifying functional and non-functional requirements during the phases of the Secure Software Development Life Cycle.
The development of the architecture was divided into six distinct phases: Systematic Literature Review (SLR); Documentary Research; Development of the Integrated Architecture of Standards and Frameworks for Secure Software Development; Definition, Application, and Evaluation of the S-SDLC Maturity Model; Application of the Integrated Architecture of Standards and Frameworks for Secure Software Development in the S-SDLC; and Validation of S-SDLC Maturity Evolution Post-Application of the Integrated Architecture of Standards and Frameworks for Secure Software Development. With the development and application of the architecture, problems of the S-SDLC were addressed, and it was observed that the phases and activities of the S-SDLC were supported with information security requirements and controls that enhanced the maturity of the S-SDLC, when comparing the status of the S-SDLC Pre-Application and Post-Application of the architecture.