December 15, 2022
CISSP Study Guide: The Software Maintenance and Change Control
December 15, 2022
Information security should be a significant aspect of the software development process. This ensures secure applications are being used at the optimal level while minimizing development costs and code reworking.
Software Maintenance and Change Control: Change management is a formalized process designed to control any changes made to systems and programs, and to examine the request, determine its feasibility and impact, and produce a timeline to implement approved changes. The change-management process offers all stakeholders time for strategic input before changes are made. The six steps in change management:
- Define change-management processes and practices
- Receive change requests
- Plan and document the implementation of changes Implement and monitor the changes
- Evaluate and report on implemented changes
- Modify the change-management plan, if necessary
- During the maintenance stage, one approach is to divide it into three sub-stages: request control, change control, and release control.
Request control – manages the users’ requests for modifications to the software product and collects information used to administer this process. Steps included in this process are:
- Establishing the priorities of requests
- Estimating the cost of the changes requested
- Determining the interface that is presented to the user
Change control – the principal step in the maintenance stage and handles the following issues:
- Recreating and analyzing the problem
- Developing the changes and corresponding tests
- Performing quality control
- The tool types to be used in implementing the changes
- The documentation of the changes
- The restriction of the changes’ effects on other parts of the code
- Recertification and accreditation, if required
Release control – implements the latest release of the software, and involves determining which requests will be included in the new release, archiving of the release, configuration management, quality control, distribution, and acceptance testing.
Let's build your cybersecurity career together
Accelerate in your role, prepare for certifications, and develop cutting edge skills with the most in-demand training in the industry.
2,000+learning activities led by highly experienced cybersecurity professionals