By recognizing the process or processes that are critical to be automated, organizations can begin to define the requirements a system must have to fulfill their needs. Many of the requirement that will be recognized as needs during the process will be identifies in a system analysis. The system analysis will consist of feasibility studies, system studies, and system requirement studies (Romney and Steinbart 621). Also during this phase, the organization will evaluate the current technology that is being used and make a decision on whether it will be able to house, operate, and maintain a new or additional information system. If determined by managers, IT professionals, and the steering committee that the current technology will not be sufficient for what the organizations plans to implement, an added expense of new or updated technology will be accounted and planned for. An additional expense that should be considered is the type and amount of security that is going to be needed (Radack). Due to industry regulations or organizational objective the basic requirements for security should be discussed to assure that they are not forgotten and are a main concern when acquiring or developing the system. Before continuing to the acquisition and development stage, organizations will need to analyze their budgets and the tests conducted in the initiation phase to decide what a feasible amount is that they should spend on an information system.
Throughout the acquisition and development phase organizations will continue to do research and analysis on the requirements that must be present in their system. The analysis will be conducted in a sequential order. It is important that organizations conduct adequate research to assure there are no loopholes for security breaches ones the system is implemented. What was developed during the initiation phase will be a foundation for what will be added during the acquisition and development phase (Radack). According to Shirley Radack, a formal risk assessment is used to ensure an organization has the security that is needed for their system. The formal risk assessment will work to identify threats and vulnerabilities that may be present in a system. With the potential threats, professional will be able to measure the risk for each threat and measure the potential impact it could have on the organization as a whole. This assessment of risk will be much more detailed and specific than what was presented in the initiation phase. With a comprehensive list of all the risks that may be present, organizations are now able to conduct a security functional requirement analysis. This analysis will take into consideration all of the current systems that are being used and all the current IT infrastructure. The analysis will be conducted by researching and listing all of the requirements that need to be present in any system to protect the confidentiality, integrity, availability of information, and any legal regulations that must be fulfilled (Radack). The next analysis will be used to show what controls and actions need to occur, the security assurance requirement analysis. To assure that all risks and threats are protected, this analysis should be conducted based on legal ramifications as well as system security operations. Managers should consider what controls are present and how they perform. By having a baseline knowledge of information technology security, managers will be able to make better predictions and guidelines for what needs they have for the new system(Radack).
Because all security requirements and plans are now agreed upon, organizations will decide whether they will acquire their new system from a vendors or whether they will develop the plan in house. When deciding which option is best for the organization they receive requests for proposals with estimated prices of each vendor’s system. They will also receive the capabilities of each system. With the capabilities of each system, managers will be able to make a decisions regarding what option will best cover all the security risks that are present. If managers feel that their organization’s IT professions have the capacity and capability to develop a system that is more cost effective and will cover all the security measures more effectively, managers may choose to develop the system in house.
Once the system has been either chosen or developed it will be ready to go through the implementation phase. The implementation phase is started with an implementation plan. The plan will be in the form of a formal report that will identify key factors including: tasks, estimated completion dates, costs, who is responsible and will be held accountable for different tasks (Romney and Steinbart 690). Also within the plan will be identified risk factors that the implementing team may experience that will limit the success of the implementation. Strategies for how the team will mitigate these risks will also be included.
For an organization that does not have an existing information system they may be required to install new physical infrastructure. In order to assure security and stability of system, organizations may be required to install new electrical outlets, raised floors, fire suppression and other protective measures (Romney and Steinbart 691). Once the infrastructure advancements are complete the software will be able to be implemented.
...(download the rest of the essay above)
About this essay:
This essay was submitted to us by a student in order to help you with your studies.
If you use part of this page in your own work, you need to provide a citation, as follows:
Essay Sauce, The system development life cycle. Available from:<https://www.essaysauce.com/information-technology-essays/the-system-development-life-cycle/> [Accessed 22-10-19].
Review this essay:
Please note that the above text is only a preview of this essay.