SDLC Case Study

During SDLC phase one, the initiation phase, “the need for a system is expressed and the purpose of the system is documented” (NIST, 2008). Some of the expected outcomes from this phase would be a project plan and schedule; system performance specifications outlining the operational requirements, system design documents, and a document that defines roles and responsibilities. The corresponding RMF step, security categorization, establishes the foundation for security standardization among information systems and provides a vital step towards integrating security into the information system (NIST, 2008). During this step, the type(s) of information processed by the information system are identified and the information system is categorized to determine the level of protection requirements to put in place. Some of the expected outputs of this step include a security project plan and schedule, documented system boundary, the system categorization, and the security roles and responsibilities. These two process steps are very similar except the focus of RMF is on information security related functions. In some cases, SDLC produces the expected outputs that RMF requires, and the security professionals only require a copy of the documentation for their records. For example, the system design document often depicts the system boundary. The reason this step is so critical is that it

Differentiate between key security ideas, perceive the parts, reference screen, and security portion in ensuring the application security.

Identify at least 3-5 potential information security risks that the lab may be exposed to and propose counter measures for addressing those risks. Identify security technology and products that could be used to protect the lab environment from these risks. Use

Another step involves security checks upon implementation and describes agency-level threat to the business scenario or the mission. It similarly entails sanctioning the information system for processing and lastly constant monitoring of the security controls. FISMA and NIST's standards are aimed at offering the ways for agencies to achieve their identified missions with safety commensurate with the threat (United States Department of Agriculture, 2015). Together with guidelines from the Office of Management and Budget (OMB), FISMA and NIST create a framework for advancing and growing an information security scheme (SecureIT, 2008). Such framework includes control descriptions and evaluation, program development, and system certification and accreditation. The final objective involves conducting daily functioning of the agency and achieving the agency's articulated objectives with sufficient security commensurate with risk.

Operations and Structure- to enable the security professional to carry out effective planning on the

An important part of this training will involve communicating key parts of the security policy so that employees will have an adequate understanding of potential threats and their remedy.

This paper serves to direct the development team along a pathway of security, with the intent to share information about the most secured manner to implement this project. It must first be acknowledged that for information to be secured, information security must be integrated into the SDLC from system inception. The early integration of security in the

Phase 6 - conduct a vulnerability assessment according to NIST SP 800-115: Technical Guide to Information Security Testing;

The Risk assessment will be a vital part of the whole security plan which is a document which basically covers the whole

Miller Inc. which is in the business of providing data collection and analytics services relies majorly on network security to keep its competitive advantage. This is because the customers that rely on the company's system trust that since there are sufficient security measures that have been ensured, they can store their data securely. Each of the functional models of the system should have sufficient security measures to ensure that complete security of the whole system architecture is achieved. The three functional modules are the backend module, services or operation module and customer access module. The major relationship between infrastructure and security comes in the role they play to ensure that the end user gets the data that they need when they need it and in the best way possible. Therefore for the three modules, there is a need to balance security with the right infrastructure.

Application of context to scan results – to determine which infrastructure vulnerabilities should be targeted first and most aggressively.

In the three maintained products the threats and risks are to be identified. Such as the data base securing, user identification, authorizing proper managers, protections from hackers and updated firewalls and less vulnerable software.

Security professionals are involved in the development life cycle. The date owner with the help of the senior management and the security team lead the projects.

Security development lifecycle are the steps that software development goes through in a bid to come up with software that is able to withstand cyber security concerns such as worms and viruses, cyber-attacks, and loss of data. There are various steps outlined that can assist in the development of secure software (Dahal, 2012).

Designing a working plan for securing the organization s information assets begins by creating or validating an existing security blueprint for the implementation of needed security controls to protect the information assets.  A framework is the outline from which a more detailed blueprint evolves.  The blueprint is the basis for the design, selection, and implementation of all subsequent security policies, education and training programs, and technologies.  The blueprint provides scaleable, upgradeable, and comprehensive security for the coming years.  The blueprint is used to plan the tasks to be accomplished and the order in which