Unit 4

characteristics of efficient and effective solutions, including:

• user-centred design

• clear and concise code

• detailed internal documentation 

characteristics of data types, data structures and data sources for input, storage and output

features of a programming language, including:

• local and global variables and constants

• data types

• instructions and control structures (sequence, selection, iteration/repetition)

• arithmetic, logical and conditional operators

• graphical user interfaces (GUIs)

• functions and methods

• classes and objects

• access modifiers (public, protected and private)

established and innovative approaches to software development, including:

• the use of code repositories

• application programming interfaces (APIs) and libraries

• artificial intelligence-based (AI) assistants

validation techniques, including:

• existence checking

• type checking

• range checking 

debugging and alpha testing techniques for checking that solutions meet requirements and function correctly, including the use of: 

• breakpoints

• commenting out code

• relevant test data

• test cases comparing expected and actual output in testing tables

strategies for conducting beta testing, including:

• construction of a testing plan and test scenarios

• observation of testing scenarios

• documentation of test results

features of evaluation strategies, including:

• evaluation criteria

• time frame

• responsibility

techniques for applying evaluation criteria

factors that influence the effectiveness of project plans, including:

• scope creep

• personnel changes

• technical issues

techniques for recording the progress of projects, including: 

• adjustments to tasks

• adjustments to time frames

• annotations to project plans

• monitoring and documenting progress using logs/journals

techniques for assessing the effectiveness of a project plan, including:

• reviewing the number of changes made to the project plan during the project

• the reason changes were necessary

• the impact of changes on the completion of the project

monitor, modify and annotate project plans as necessary

develop a software solution and write internal documentation

use and apply appropriate data types, data structures and data sources

develop and apply suitable naming conventions and validation techniques

select and apply debugging and alpha testing techniques

prepare and conduct beta testing using appropriate techniques, capture results and recommend modifications to the software solution to address identified issues

evaluate the efficiency and effectiveness of the software solution

assess the effectiveness of the project plan.

goals and objectives of medium and large organisations

advantages and disadvantages of developing software in-house or externally

types of vulnerabilities and risks within insecure development environments, including:

• use of application programming interfaces (APIs)

• malware 

• unpatched software

• poor identity and access management practices

• man-in-the-middle attacks

• insider threats

• cyber security incidents

• risks present from software acquired by third parties

• ineffective code review practices

• combined development, testing and production environments

security controls used to protect software development practices & data stored within applications, inc:

• version control and code repositories

• robust identity and access management

• encryption

• code review

• regular updates and patches to software 

• separated development, testing and production environments

threat modelling principles, including:

• defining security requirements

• identifying and mitigating threats

• confirming threats have been mitigated

criteria for evaluating the security of software development practices within an organisation

key legislation and industry frameworks that affect how organisations develop software and control the security and communication of data, including the: 

• Copyright Act 1968 (Cwlth)

• Essential Eight (cyber.gov.au)

• Information Security Manual (ISM) (Guidelines for Software Development: Development, testing and production environments; Secure software design and development; Application security testing)

• Privacy Act 1988 (Cwlth) (APP 1, 6, 8, 9, 11)

• Privacy and Data Protection Act 2014 (IPP 1, 2, 4, 5, 9)

ethical issues that arise when developing software, including:

• ineffective security practices

• use of artificial intelligence during development

• intellectual property

• copyright issues

mitigation measures to reduce or eliminate threats, vulnerabilities and risks within organisations and development environments

strategies for improving the security of software development practices, including:

• onboarding/induction practices and developer training focused on secure development

• development of risk management plans

analyse and describe an organisation’s software development practices 

propose and apply criteria to evaluate the effectiveness of the current software development practices

identify and describe vulnerabilities and risks based on current practices

identify and discuss the possible legal and ethical consequences to an organisation for ineffective software development practices, and how these could be resolved

recommend and justify improvements to organisations and their development environments to enhance secure software development practices.