ISACA Certified in Risk and Information Systems Control (CRISC®) Exam Guide

Product type: Book
Published in: Sep 2023
Publisher: Packt
ISBN-13: 9781803236902
Pages: 316 pages
Edition: 1st Edition
Author: Shobhit Mehta

Table of Contents (28 Chapters)

Preface
1. Part 1: Governance, Risk, and Compliance and CRISC
2. Chapter 1: Governance, Risk, and Compliance
3. Chapter 2: CRISC Practice Areas and the ISACA Mindset
4. Part 2: Organizational Governance, Three Lines of Defense, and Ethical Risk Management
5. Chapter 3: Organizational Governance, Policies, and Risk Management
6. Chapter 4: The Three Lines of Defense and Cybersecurity
7. Chapter 5: Legal Requirements and the Ethics of Risk Management
8. Part 3: IT Risk Assessment, Threat Management, and Risk Analysis
9. Chapter 6: Risk Management Life Cycle
10. Chapter 7: Threat, Vulnerability, and Risk
11. Chapter 8: Risk Assessment Concepts, Standards, and Frameworks
12. Chapter 9: Business Impact Analysis, and Inherent and Residual Risk
13. Part 4: Risk Response, Reporting, Monitoring, and Ownership
14. Chapter 10: Risk Response and Control Ownership
15. Chapter 11: Third-Party Risk Management
16. Chapter 12: Control Design and Implementation
17. Chapter 13: Log Aggregation, Risk and Control Monitoring, and Reporting
18. Part 5: Information Technology, Security, and Privacy
19. Chapter 14: Enterprise Architecture and Information Technology
20. Chapter 15: Enterprise Resiliency and Data Life Cycle Management
21. Chapter 16: The System Development Life Cycle and Emerging Technologies
22. Chapter 17: Information Security and Privacy Principles
23. Part 6: Practice Quizzes
24. Chapter 18: Practice Quiz – Part 1
25. Chapter 19: Practice Quiz – Part 2
26. Index
27. Other Books You May Enjoy

The System Development Life Cycle and Emerging Technologies

The world of technology is constantly evolving, and businesses must keep up with the latest developments to stay competitive. In this chapter, we will explore two topics that are essential to any successful organization – the system development life cycle (SDLC) and emerging technologies. The SDLC is a systematic approach to developing software applications that has been used for decades. It outlines the steps that must be taken to design, develop, test, and deploy a software system. Understanding the SDLC is crucial for any organization that wants to create high-quality software that meets its business needs. In the later sections, we will discuss emerging technologies that are changing the way businesses operate. Technologies such as blockchain, artificial intelligence (AI), the Internet of Things (IoT), and quantum computing have the potential to transform industries and create new opportunities.

The aim...

Introducing the SDLC

The SDLC is a systematic process that outlines the steps involved in the development of software applications or information systems. The life cycle starts with initiation, followed by development/acquisition, implementation, operation/maintenance, and finally disposal. Each phase has its own deliverables and objectives, and the process is designed to ensure that the software or system is delivered on time, within budget, and in line with the requirements of the stakeholders. The SDLC is essential in software development because it helps to manage the project effectively and minimize the risk of failure. By following a structured approach, the project team can ensure that the end product is of high quality and meets the needs of both the stakeholders and the users.

Phases of the SDLC

There are five phases of the SDLC. Let’s briefly discuss each of them, along with the associated risks:

  • Phase 1 – initiation: The initiation phase of the SDLC is...

Project risk and SDLC risk

Project risk and SDLC risk are two distinct types of risk that organizations must manage during the software development process.

Project risk refers to the risk associated with achieving the project objectives, such as delivering the project on time, within budget, and meeting the requirements of the stakeholders. Project risks can include external factors, such as changes in market conditions, as well as internal factors such as delays in the development process or unforeseen technical issues. Managing project risks involves identifying potential risks, assessing their likelihood and impact, and developing a plan to mitigate them.

On the other hand, SDLC risk refers to the risk associated with the development process itself. SDLC risks can include issues with requirements gathering, software design, coding errors, and testing. Managing SDLC risks involves implementing best practices, such as adhering to industry standards and following a structured...

System accreditation and certification

System accreditation and certification are two related but distinct processes that are often used to ensure the quality and reliability of systems and products.

Accreditation is the process of evaluating and verifying that a system or organization meets certain standards and criteria. This can involve a review of policies, procedures, and practices to ensure they comply with industry best practices or regulatory requirements. Accreditation may be conducted by internal auditors or by external third-party auditors who specialize in such audits and assessments.

Certification is the process of issuing a formal document or certificate that attests to the fact that a product, service, or system meets certain predefined standards. It is conducted by a third-party organization that has been authorized to issue certifications. In many cases, certification is required before a product can be sold or a service can be offered to the public.

Both...

Emerging technologies

Emerging technologies have the potential to revolutionize the way we live, work, and interact with each other. Some of the emerging technologies that are likely to have a significant impact on the world in the near future include AI, IoT, and blockchain. Risk managers should keep abreast of these trends and technological innovations so that they can support the business by mitigating the potential risks when the organization decides to adopt such a technology. In the following sections, we discuss some of these technologies, their associated risks, and some controls that the risk manager should be aware of as these emerging technologies become mainstream.

Bring your own device (BYOD)

BYOD refers to the policy of allowing employees to use their personal devices to access company resources such as networks and data. BYOD has several benefits for both employees and employers. For employees, it offers greater flexibility and convenience, allowing them...

Summary

In this chapter, we explored both the SDLC and emerging technologies to get a comprehensive understanding of how technology can be developed and utilized to meet the needs of modern businesses. We learned about the various phases of the SDLC, including initiation, development, implementation, maintenance, and disposal. As a risk manager, you will be responsible for knowing about these stages and closely working with the SDLC team to ensure that sufficient controls are implemented at each stage. We also learned about the emerging technologies that are changing the world, such as BYOD, IoT, AI, blockchain, and quantum computing. These technologies have the potential to significantly impact several industries, and risk managers will need to adapt to stay relevant in this rapidly evolving field.

In the next chapter, we will learn about information security and privacy principles.

Review questions

  1. A project is budgeted in which phase of the SDLC?
    1. Development
    2. Disposal
    3. Initiation
    4. Maintenance
  2. End user training is an integral part of which phase of the SDLC?
    1. Development
    2. Disposal
    3. Initiation
    4. Implementation
  3. Which of the following is the final stage of the SDLC?
    1. Development
    2. Disposal
    3. Initiation
    4. Maintenance
  4. The key difference between project risk and SDLC risk is that ___.
    1. Project risk relates to project objectives, while SDLC risk relates to time.
    2. Project risk relates to project objectives, while SDLC risk relates to development objectives.
    3. Project risk relates to development objectives, while SDLC risk relates to project objectives.
    4. There is no difference; both are the same.
  5. An organization would like to achieve a certification of compliance for its product. Which of the following is a must to achieve certification?
    1. A risk manager
    2. An internal audit team
    3. Policies
    4. An external audit firm
  6. The practice of allowing employees to use personal laptops to access organizational...

Answers

  1. C. The project is budgeted in the initiation phase of the SDLC.
  2. D. The end users are trained in the implementation phase of the SDLC.
  3. B. Disposal is the final phase of the SDLC.
  4. B. Project risk relates to project objectives whereas SDLC risk relates to development objectives.
  5. D. An external audit firm is required to certify a product.
  6. B. BYOD allows employees to use personal laptops to access organizational resources.
  7. C. The leaps in quantum computing could break, that is, decrypt, the current encryption algorithms.