
A Study on the Challenges of Human-Centric Cyber-Security and the Guarantee of Information Quality

DOI: 10.4236/jis.2024.152013, PP. 218-231

Keywords: Cyber Security, Development Methodology, Information Quality, Human-Centric, SDLC, Quality Assurance


Abstract:

Information security and quality management are often considered two different fields. However, organizations must be mindful of how software security may affect quality control. This paper examines and promotes methods through which secure software development processes can be integrated into the Systems Software Development Life-cycle (SDLC) to improve system quality. Cyber-security and quality assurance are both involved in reducing risk. Software security teams work to reduce security risks, whereas quality assurance teams work to decrease risks to quality. There is a need for clear standards, frameworks, processes, and procedures to be followed by organizations to ensure high-level quality while reducing security risks. This research uses a survey of industry professionals to help identify best practices for developing software with fewer defects from the early stages of the SDLC to improve both the quality and security of software. Results show that there is a need for better security awareness among all members of software development teams.

