System Test and Evaluation Plan and Procedure Research Paper


Introduction

This paper develops a system plan and evaluation procedure for the security system of a hypothetical bank called the National Bank of America. The National Bank of America deals in the safekeeping of its clients’ money, and since the bank operates huge volumes of financial transactions, most of its systems are automated. These systems are subject to several security measures because it is crucial for the company to ensure all accounts held for its customers are uniquely operated by the legitimate owners. Comprehensively, the bank’s security systems are often subject to breaches by fraudsters and other suspicious entities. The possibility of a security breach warrants the thorough development of a comprehensive system plan and evaluation procedure. In achieving the above objective, this paper explains the concept of security assurance and trusted systems of the bank; an evaluation of ways of providing assurance throughout the life cycle; a discussion of the validity and verification of the system; and an illustration of the evaluation methodology and certification techniques of the security system. These analyses will be done systematically.

Security Assurance and Trusted Systems

The concept of security assurance in the National Bank of America’s security system revolves around the assurances of the company (to its clients) that the company’s security system is completely secure (Merkow, 2004, p. 11). The system’s security assurances will be supported by objective evidence, based on more than one premise. Unlike most security assurance and trusted systems technologies, National Bank of America will have a security assurance system that will be based on people, processes and technology (Carnegie Mellon University, 2008, p. 2). These premises will show how the claim of security assurance is supported by several sub-claims. In this explanation, the system explains various levels of security vulnerabilities that need to be protected.

The strongest security assurance premise for National Bank of America would be the guarantee that the system caters for all coding effects. These coding effects may lead to several buffer overflow breaches (Carnegie Mellon University, 2008, p. 2). In this regard, the strongest security assurance will be based on the guarantee that all the programmers who developed the bank’s security systems were trained to develop the system. Here, an assurance is given that the code writing process was done by qualified programmers, hence the minimal chances of realizing buffer overflow vulnerabilities.

The second security vulnerability will be made with the assurance that all programmers comprehensively reviewed the security system to ensure there is no chance of a buffer overflow occurring (Carnegie Mellon University, 2008, p. 2). A statistics analysis tool will also be used as a security assurance measure to guarantee that there will be no security problems realized. Finally, the system will be tested with invalid arguments to test its reliability. Here, it should be affirmed that all the inputs are rejected, and sometimes, such security issues should be treated as unique elements of the security system (Carnegie Mellon University, 2008, p. 2). Comprehensively, the above security assurance procedures will be aimed at identifying buffer overflow incidences. It should also be affirmed that there is no possibility of security breaches occurring, and some of the weak security links identified should be effectively corrected.
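The invalid-argument test described above can be made concrete. The following is an added example, not code from the paper or from any real bank system: `parse_account`, `ACCT_LEN`, the ten-digit field format and the sample inputs are all assumptions made for illustration. It validates a fixed-width field before copying it, then feeds it constructed invalid arguments and counts any that are accepted or that modify the output buffer.

```c
#include <stdio.h>
#include <string.h>

#define ACCT_LEN 10 /* assumed field width, not from the paper */

/* Accept only exactly ACCT_LEN decimal digits; 0 = accepted, -1 = rejected. */
int parse_account(const char *in, char out[ACCT_LEN + 1])
{
    size_t i;
    if (in == NULL || out == NULL)
        return -1;
    /* Validate before copying, reading at most ACCT_LEN + 1 bytes. */
    for (i = 0; i <= ACCT_LEN && in[i] != '\0'; i++) {
        if (i == ACCT_LEN || in[i] < '0' || in[i] > '9')
            return -1; /* too long or not a digit */
    }
    if (i != ACCT_LEN)
        return -1; /* too short */
    memcpy(out, in, ACCT_LEN + 1); /* includes the terminator */
    return 0;
}

/* Constructed invalid arguments for the negative test. */
static const char *const INVALID[] = {
    "", "12345", "12345678901", "12345abcde", "1234 67890", "-123456789",
    "123456789012345678901234567890123456789012345678901234567890"
};

/* Count invalid inputs that were accepted or that touched the output buffer. */
int count_negative_failures(void)
{
    char out[ACCT_LEN + 1];
    int failures = 0;
    size_t k, j, n = sizeof INVALID / sizeof INVALID[0];
    for (k = 0; k < n; k++) {
        memset(out, 'X', sizeof out);
        if (parse_account(INVALID[k], out) != -1)
            failures++;
        for (j = 0; j < sizeof out; j++)
            if (out[j] != 'X') { failures++; break; }
    }
    if (parse_account(NULL, out) != -1)
        failures++;
    return failures;
}

int main(void)
{
    printf("negative-test failures: %d\n", count_negative_failures());
    return 0;
}
```

A result of zero failures is evidence for the sub-claim that invalid inputs are rejected; it complements, rather than replaces, the code review and tool-based checks the paragraph lists.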

Another security assurance method for the National Bank of America’s security system lies in its online banking method. To ensure there is a reliable security assurance for the online banking system, the “extended validation secure socket layer” will be used to guarantee the bank’s customers that the company’s website is authentic (PNC, 2011, p. 1). This security assurance measure is crucial in the bank’s online banking media because the internet contains several fraudulent websites which do not represent the identity of the company. Some of these websites may also be malicious or suspicious in nature.

Evaluation of Security Assurance Procedures

The “extended validation secure socket layer” is a reliable way of ensuring there is minimal fraud in the bank’s online system. This is because the system guarantees the safety of transactions. The system is designed in three levels. The first level shows a green light at the bar code to mean that the clients are using the authentic company website (PNC, 2011, p. 1). On the second level is the yellow address bar, where customers are supposed to proceed with extensive caution because there may be instances of malicious or suspicious activity detected.

Here, there are indications that the website visited bears qualities of a suspicious website (but it may not be authenticated that the site is indeed fraudulent) (PNC, 2011, p. 1). At the third level of the security system is the red address bar. This bar is an advisory message to the bank’s customers that transactions should be stopped because the website may be fraudulent, malicious or suspicious. At other times, the red message means the website has an SSL security problem and therefore it may not be safe to carry out any financial transactions through the website. These three levels of online banking security are crucial to the safety of the overall bank’s financial security. Indeed, they are also very reliable.

The assurance that all programmers employed to develop the bank’s security systems are qualified and well trained is a reliable measure because it supports high standards of developing the bank’s security system. In other words, the skills and expertise directed towards developing the bank’s security system are high-end and therefore, the overall output is bound to share the same quality. If unskilled or incompetent programmers were used to develop the bank’s security systems, several security vulnerabilities would be evidenced. However, this is not the case. This assurance is therefore reliable because it guarantees the quality of the bank’s security system.

A review of the bank’s security system is also a credible way of ensuring the safety of the bank’s security system. This is because reviewing the company’s safety system is a sure way of ensuring the system meets its intended purpose (Paper-Check, 2011, p. 2). This assurance is crucial in determining the relevance of the security measure. There are certain security systems that fail to adequately cover their objectives because they are not effectively reviewed to ascertain if they meet their intended purpose. The fact that the security provisions are effectively reviewed is therefore a strong indicator that the system can be effectively relied on.

Validation and Verification

The validity of the security assurances cited above is entrenched in the time period for review (TAOnline, 2011, p. 14). The security assurances are going to be subject to a two-year review to ascertain their effectiveness and identify any areas of improvement. From the inception of one security measure, the validity period will only be two years, after which an evaluation will be done to extend the validity of the security measure, or eliminate the security measure altogether (in favor of a more effective one). This is an effective way of guaranteeing the validity of the security measures.

The bank’s system verification is done on two levels. The first level is the dynamic verification, which entails the test and experimentation of the bank’s security systems (Bishop, 2003). To verify the bank’s security systems, executing the appropriate software and checking its behavior will be crucial in ensuring the security systems meet their intended objectives. This task is often performed in the test phase of the security software development (Bishop, 2003). The second level of the security verification procedure involves the assurance that the applicable security measures meet their required standards. This verification is done after undertaking a physical verification of the system to ascertain several variables including code conventions verification, bad practices (anti-pattern) detection, formal verification and the software metrics calculation (Bishop, 2003). These procedures ensure the bank’s security systems satisfy all the stipulated security requirements.

Evaluation Methodology and Certification Techniques

For National Bank of America, fingerprint-based biometrics will be crucial in ensuring there are no fraudulent activities launched on the company’s security system (Bishop, 2003). All customers will be required to input their fingerprints before using the bank’s systems to withdraw, transfer or deposit cash. This system will be backed up by an image-based biometrics evaluation that contains information regarding the physical features of the customers. This prevents the occurrence of security breaches that may bypass the fingerprint authentication feature (Tanabe, 2009, p. 2). Past evaluation methodologies have strongly relied on human-based algorithm procedures but these systems have been useful in situations characterized by theoretical analyses (Tanabe, 2009, p. 2). This plan proposal will therefore go beyond the theoretical analysis.

The best certification technique to be used in this system plan will be a third party certification from an independent body. A credible security institution or body will therefore be sourced to certify the security features employed by the bank. Moreover, the software programmers will be sourced from respectable institutions which are certified by a security body. This technique will guarantee the reliability of the programmers and the security system (in totality) (Hibma, 2011, p. 1).

References

Bishop, M. (2003). Computer Security: Art and Science. New York: Addison-Wesley Professional.

Carnegie Mellon University. (2008). Arguing Security – Creating Security Assurance Cases. Web.

Hibma, T. (2011). Web.

Merkow, M. (2004). Computer Security Assurance Using The Common Criteria. London: Cengage Learning.

Paper-Check. (2011). Web.

PNC. (2011). Extended Validation Secure Socket Layer (EV SSL) Certificates. Web.

Tanabe, Y. (2009). A Study on Security Evaluation Methodology For Image-Based Biometrics Authentication Systems. Piscataway, NJ: IEEE Press.

TAOnline. (2011). Web.

IvyPanda. (2022, March 29). System Test and Evaluation Plan and Procedure. https://ivypanda.com/essays/system-test-and-evaluation-plan-and-procedure/