Outline
Infrastructure and Universal Access to
1. Definitions, Purpose and Basis for the standard
2. The Domain
3. Sub-domains
4. Scope, Target areas, References
5. General Requirements
Definition, Purpose and Basis for standards
1. Software engineering is the application of a systematic, disciplined, quantifiable approach to the development, operation, and maintenance of software.
2. ICT Systems automate government processes for increased efficiency and effectiveness in service delivery.
3. This standard provides the requirements for the development, acquisition, execution and supervision of plans, policies, programs and practices that control, protect, deliver and enhance the value of applications, software, data, messaging and collaboration tools and assets for the Government of Kenya.
4. Systems domain is a critical component of the GEA and it forms the application architecture layer.
Shared Services use the advantages of local and centralised approaches to create greater value for users/clients/customers
[Figure: Fragmented, Shared and Centralised service models, with the following labels]
Different standards; Replication of effort; Replication of costs; Inconsistent approaches
Maintain control of decisions; Allow for management’s priorities; Direct customer relationship
Concentration of skills; Performance culture; Core competencies; 2+2=5; Best practice
Simplified; Standardised; Single systems; Economies of scale
No local say in costs; Distant, remote; Lack of agility; Disenfranchised
Sub-domains of ICT Systems Standards
ICT Systems Standard Domain
Sub-domain 1: Software and Systems Engineering
Sub-domain 2: Messaging and Collaboration
Sub-domain 3: Websites
Target Areas
a. System/software planning techniques
b. Software Development
c. Software Selection and Acquisition
d. Software Testing and Training
e. Purchase, deployment and use of licensed software
References
COBIT 5
ISO 90003
COBIT 4
ISO/IEC 27002:2005
ISO/IEC 26514:2008
ISO/DIS 15489-1
ISO 15489-1:2001
ISO/TR 15489-2:2001
ISO 16175-1:2010/2011
NIST Special Publication 800-45 Version 2
National Information System Security Glossary, NSTISSI No.4009, January 1991
ISB Standard Version 2.0
E-mail Address naming Standard
ISF 2011 Standard of Good Practice for Information Security
General requirements:
System/software planning techniques: There is a need to apply specific techniques for gathering MCA’s applications in order to collate the asset register to support the investment planning process.
General requirements: Software Development
High Level Design: Requirements for development and documentation of high-level designs using agreed-on and appropriate phased or rapid agile development techniques to translate business requirements into high-level design specifications.
Detailed Design: Detailed design and technical software application requirements that inform the criteria for acceptance of the requirements.
Application Software Development: Requirements to ensure that the automated functionality is developed in accordance with design specifications.
General requirements: Software Selection and Acquisition
Software Selection and Installation: This refers to the software selection process and installation which will be used in the MDAs to ensure that the required software is implemented. This has to consider the GEA principles for interoperability, ensuring that prior to this process existing software can be reused.
Maintenance of commercial-off-the-shelf software: This refers to the principles guiding the maintenance of software directly purchased off the shelf.
Applying vendor supplied patches and updates: A software update management process shall be maintained to ensure that the correct patches are implemented in the software.
General requirements:
Software Testing and Training
The guidelines under this section cover the following areas:
- Input data validation
- Internal processing
- Message integrity
- Output data validation
- Training
- Minimum software applications and operating system features
- Software testing
General requirements: Purchase, deployment and use of licensed software
Installing and using personal software: Where users wish to install and use their private software on devices (e.g. laptops, tablets and computers) belonging to GoK
Outdated and obsolete software: Where special or obsolete software is required for continued operation of existing systems
Authentication method to be used for licensed software: Software vendors are required to provide a recommended mechanism for GoK to authenticate genuine software that is purchased by GoK on or before delivery of such software.
General requirements: Purchase, deployment and use of licensed software
Software inventory: An up-to-date inventory for ICT software shall be prepared and maintained by the Head of ICT to ensure accountability for all acquired software.
Control of changes made to existing software: This applies to all changes made to software in the production environment.
Management of removable media containing software: All removable computer media (such as hard-disks, thumb drives, CDs) shall be stored in a secure and controlled manner.
General requirements: Purchase, deployment and use of licensed software
Disposal or re-use of software or equipment containing licensed software.