Kudler Fine Foods

As an upscale specialty food store in San Diego area, Kudler Fine Foods needs to do all we can to obtain our customers and to win more customers over. The company's three locations have products stocked with the very best domestic and imported gourmet products and specialty products. With continue great customer service and providing the area with leading products, we have grown to three locations so far, and to continue our growth the marketing will implement a new sales and marketing strategy call "The Frequent Shopper Program". The programs consist of tracking purchase so our customer's and their purchasing behavior to better service the customers in our area locations. Another objective is to inspire customer loyalty through a rewards program. This also can help the company to better control the inventories and improve our purchasing of products. Before the new program can start, the management and the Information Security team will work together to go over some of the security concerns. We will need to perform and analyze the company's information Security process and what we can do to improve and implement the securities needed to protect the company's confidential data and customers' information.

There are several security considerations that Kudler Fine Foods should review and analyze as part of the system development lifecycle. Each phase of the lifecycle has different elements to consider however should be used as a whole in order to achieve a secure system. If any of the below systems were removed from service, there would be open threat advantages to the Kudler system. The only way to mitigate this would be to have a replacement system ready to implement if one of the below should be retired.

The requirements phase of the lifecycle is the same for all pieces of the system for intranet security, email, website, firewall security, server, and database, code, and security badges. Each of these items should be addressed with the subject matter experts (SMEs) from those specific areas to provide the necessary security requirements. The requirements should be reviewed several times with the collective group to ensure all requirements are identified and agreed upon. Our security experts need to have a risk assessment on our systems to see what our security risks are for our company. The security experts should also review the requirements to make sure they are not ambiguous and that each threat has a viable solution.

The design phase should consider all of the requirements and begin to create specifications in order to ensure that the requirements were understand and are going to fulfill the requirements. Each of the requirements for each of the areas should be reviewed with the SMEs when the general design is completed. Any gaps that are identified should be addressed in the design and the design should be analyzed for consistency. All the specifications should be updated to reflect these gaps and documentation should be kept in order for all to understand what is being implemented. Controls need to be set up in this stage to make sure that the risk can be mitigated as much as possible. These controls can include anything to keep the security in order for KFF, but should be at least a password/ID for each of the employees to access the company's information. A final risk assessment should be done at this phase to see what threats still may pose the biggest risk for the new system at KFF.

During integration, the code should be verified against the requirements to ensure that each requirement is going to be implemented. Unit testing should be conducted to ensure those requirements have been designed and coded to the requirements. Unit testing primary goal is to take the smallest piece of testable software in the application, isolate it from the remainder of the code, then determine whether it behaves exactly as we expect to behave. Each of the units should be tested separately before integrating them into the modules to test how the modules interact with one another. This will be a great way to identify defects in the system. Everything can be tested during this stage all the way down to the security badges that we will use to allow the employees into the building.

During the testing phase for both system and UAT, each area should be tested within the company and also attempts should be made to access secure areas outside of the company. System and UAT testing should be more extensive than Unit Testing and should include positive, negative, and regression testing. Positive testing is when the system doesn't show errors when it's not suppose to and shows errors when it is suppose to. Negative testing is when it shows errors in the system when it's not suppose to and not showing errors when it is suppose to. Regression testing confirms that the program or code change has not adversely affected any of the features that were already on the system. If any bugs or defects are found, these items should be addressed for fix as soon as possible and be retested.

Implementation

...