6.2 Application Development
(a) Systems Development Methodology
In this section, approaches to develop or acquire information systems or application systems are presented. In addition, models deployed in and tools to be applied in software development are discussed. The need for conducting due care and due diligence reviews during system development or acquisition is highlighted.
(i) Traditional Approaches to Develop or Acquire Systems
Two approaches or methodologies exist to develop or to acquire information systems or application systems: traditional approaches and alternative approaches. The traditional approach requires systematic and disciplined work using a system development life cycle (SDLC) methodology with phases to ensure consistency and quality of work. Five phases of SDLC include the following:
Usually, the traditional approach combined with the SDLC methodology is used in developing custom software. Next, system-related activities and security-related activities are presented for each phase of the SDLC.
(A) Phase 1: Planning/Initiation
System-related activities are listed next.