System Development Tools and Productivity Aids
Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or
Already have an account? Sign In »
Time
7 hours 15 minutes
Difficulty
Intermediate
CEU/CPE
8
Video Transcription
00:00
>> Hi and welcome back.
00:00
This lesson we'll be covering
00:00
system development tools and productivity aids.
00:00
In this lesson, we'll cover a little bit
00:00
about computer-aided software engineering,
00:00
some of the issues that you might face as
00:00
an auditor with these type of tools,
00:00
a little bit on code generations
00:00
and fourth generation languages.
00:00
Let's begin. Computer-aided software engineering.
00:00
CASE is basically the automated tools
00:00
which are used in the software development process.
00:00
The tools can vary and they can include things such
00:00
as tools for software requirements capture and analysis,
00:00
the design of software itself, production of the code,
00:00
testing of the software or
00:00
even down to the document generation.
00:00
There are three categories of CASE products.
00:00
We have upper CASE, these are products that are
00:00
used to describe and document
00:00
the business application requirements.
00:00
We have middle CASE and
00:00
these are products that are used for
00:00
developing detailed designs of the actual product itself.
00:00
Lower CASE, which are
00:00
products that are involved in the generation of
00:00
the program code and the database generation.
00:00
As an IS auditor, what issues
00:00
are you likely to come across?
00:00
Basically, CASE tool will help with the design,
00:00
but not whether the application
00:00
meets the organizational needs.
00:00
You need to be aware that the case tool is not
00:00
[inaudible] to solve the production
00:00
of the software problems entirely,
00:00
it still needs the discipline of
00:00
the actual program and project methodology behind it.
00:00
As I said, project methodology
00:00
needs to be sound for CASE to be a benefit.
00:00
Having a tool to design and
00:00
do a lot of the work for you is great,
00:00
but unless there is discipline behind that,
00:00
and that's the traditional discipline
00:00
of documentation, stakeholder engagement.
00:00
Everything that we've covered in
00:00
the previous project methodology sessions,
00:00
it's not going to be of much benefit.
00:00
You also need to look at
00:00
monitoring the integrity of the data movement.
00:00
Now as an IS auditor,
00:00
a lot of your role will be protecting or a
00:00
least determining how the organization protects its data.
00:00
Making sure that there are protections for any of
00:00
the company data moving through
00:00
the software is fairly important.
00:00
Again back onto the discipline,
00:00
so a change management.
00:00
An automated tool to create software.
00:00
It could be very much temptation
00:00
to change requirements on the fly,
00:00
but it still needs
00:00
the proper change management discipline
00:00
behind it to ensure it's effective.
00:00
We also have application controls,
00:00
so ensuring that the application is
00:00
secure and also security of the case tool itself.
00:00
If the case tool is going to be developing your software,
00:00
you need to make sure that
00:00
the integrity of that software is sound.
00:00
Now code generation, this is a tool that
00:00
can sometimes be incorporated into CASE.
00:00
As the name would suggest,
00:00
they basically generate the code.
00:00
They're based on parameters defined by
00:00
the system analysts or the flow diagram.
00:00
It's just a way of or again,
00:00
automating part of your design process.
00:00
Fourth generation languages.
00:00
These basically programming languages.
00:00
They're non-procedural, they're
00:00
environmental independent.
00:00
In other words, they can be portable
00:00
from one platform to another.
00:00
They basically income with
00:00
a program of workbench concepts on IDE.
00:00
4GL languages will use query and report generators,
00:00
so embedded databases,
00:00
relational databases and also application generators.
00:00
We have come to the end of our lesson.
00:00
We've covered the computer-aided software engineering,
00:00
we've talked about some of the auditor issues that
00:00
you may encounter when you come across these tools,
00:00
a very little bit about code generation
00:00
and fourth generation languages.
00:00
I hope you enjoyed the lesson
00:00
and I will see you at the next one.
Up Next
