NCJ Number
88632
Date Published
1981
Length
13 pages
Annotation
Barclays Bank in Great Britain views computer systems security as an intrinsic part of system design and development processes.
Abstract
Security must be built in, not added on, to system design. The bank follows the conventional phases of the systems' life-cycle: business survey, feasibility study, systems analysis, system specification and design, program design, programming, testing, proving, implementation, and maintenance. Quality assurance (QA) is becoming an important feature of software engineering and computer applications. The QA function is to verify that, as each stage in the development phases of the system life-cycle is completed, the work is carried out to prescribed standards using only methods, techniques, etc., which are recommended or mandatory. The paper discusses the importance of the internal audit and the role of the systems audit team. Essential criteria in controlling systems under development are described in order that a formal technical review of a project may be carried out at each stage. Factors affecting the reliability of systems are discussed, and program acceptance testing and operational controls for running systems are described. Five references are included. (Author abstract modified)