Auditing and Logging of Changes
One challenge is that changes begun in the middle of the development phase can cause problems, because these problems may not be discovered, or may not arise, during testing.
The effectiveness of the change control methods should be a feature of auditing the development phase.
Therefore, during auditing, change control processes and procedures should be assessed. Logging changes is an essential aspect of system and software behavior.
Risk Analysis and Mitigation
When a risk has been identified, a mitigation strategy should be created to avoid that risk. Risk analysis of software programs and systems is an essential means of identifying and analyzing risks. Today, we commonly use a risk analysis report to align technological goals with those of the company. In fact, risk analysis is the process of analyzing, determining, and defining the risk of danger to government agencies and businesses.
Types of hazards that are usually considered for risk analysis include:
- Known vulnerabilities
- Unknown vulnerabilities
- Transaction integrity: Does the software work properly and produce the correct results in all cases?