SDLC Case Study

Security should be introduced into each stage of the SDLC to save time and money. The cost of fixing security problems only increases as the SDLC progresses, so discovering vulnerabilities early in the cycle benefits the organization.

Planning - The organization's core security concepts, principles, and strategies should be written down and taken into consideration during the planning phase. Employee training and awareness sessions on core concepts, common threats, policies, and procedures should be organized so that employees are able to evaluate security risks and keep the SDLC secure.

Analysis - Security requirements and goals should be gathered, and potential threats and security breaches should be identified from both internal and external sources. This should be both a manual and a technical analysis.

Design - Perform an …
Security training can be provided to project managers and architects in this stage to perform these tasks.
Development - A risk assessment should be done and its results used as a baseline for security controls to review coding standards, libraries, and practices. Developers should be trained to identify coding vulnerabilities in this stage.
Testing - Test plans should show how to verify each security requirement. Prioritize a list of vulnerabilities from the automated and manual analysis.
Implementation - Implement procedures for existing authentication, access, controls, encryption, and backup. Security features should be configured, enabled, and verified. A final security review should be performed, and engineering staff should test functionality and watch for any configuration errors at this stage. A monitoring response plan can be put in place so IT knows the procedures to follow when dealing with security breaches.
Maintenance - Systems and products should be monitored and periodic maintenance performed to evaluate that the system and security are up to