Strategies for minimising potential risks Flashcards

1
Q

Explain two strategies that are used to minimise potential risks in software development.

A

Any two of the following:

  • Implementing an end-to-end strategy ensures that testing occurs at each stage of the software development cycle.
  • Software security audits may be conducted independently or as part of a broader software audit, which can be performed by a party external to the development team or by the team itself. The software audit might employ analysis tools to collect data regarding the software’s performance, either from a security or functionality perspective.
  • Determining risk tolerance, also referred to as risk appetite, involves finding a balance between the financial investment and the usability of information assets, weighed against the potential financial liability, loss of information assets, and damage to reputation if the risk is exploited.
  • Penetration testing is a method for identifying security vulnerabilities in web applications. This is accomplished by rigorously scrutinizing each page and line of code in the application for known weaknesses.