II. Planning Stage - PM meets with VP of Tech to go over the spec. The two collaborate to create a Project Plan, including a Gantt chart or equivalent, to determine team member deadlines (individual initiatives) for launch.
Steps such as interviews you may have conducted, transactional testing, document reviews, the timeframe under review, research you might have done, and anything else done to investigate the issue.
The OIG 2011 FISMA Assessment indicates that “FISMA Section 3544 requires establishing policies and procedures to ensure information security is addressed throughout the life cycle of each agency information system” (VA Office of Inspector General, 2012, p. 9). Because the SDLC and change control were applied inconsistently, major security risks may go unnoticed.
The next step involves a master plan that specifies the method and procedure for collecting and analyzing the needed information. This is the design that will provide the plan of action, or framework, for the research. Joe's decision about which method to adopt will be based on his budget: for instance, he can survey his target market segment using questionnaires, which could provide insight into their behavior patterns, or he can take a less expensive approach by accessing secondary data that have descriptive
During SDLC phase one, the initiation phase, “the need for a system is expressed and the purpose of the system is documented” (NIST, 2008). Some of the expected outcomes of this phase are a project plan and schedule, system performance specifications outlining the operational requirements, system design documents, and a document that defines roles and responsibilities. The corresponding RMF step, security categorization, establishes the foundation for security standardization among information systems and is a vital step toward integrating security into the information system (NIST, 2008). During this step, the type(s) of information processed by the information system are identified and the information system is categorized to determine the level of protection requirements to put in place. Some of the expected outputs of this step are a security project plan and schedule, a documented system boundary, the system categorization, and the security roles and responsibilities. These two process steps are very similar, except that the focus of the RMF is on information security functions. In some cases, the SDLC produces the outputs that the RMF requires, and the security professionals only need a copy of the documentation for their records. For example, the system design document often depicts the system boundary. The reason this step is so critical is that it
The fourth phase is strategic issues, in which participants create a methodical list of the most important issues that the community is dealing with. The issues are identified by looking at the results from the assessments and determining how those issues affect the attainment of the shared vision. In phase five, goals/strategies, the participants take the strategic issues recognized in the prior phase and write goal statements related to those issues. Broad strategies are then established to address the issues and achieve the goals related to the community's vision. This phase results in the development and implementation of an interrelated set of strategy statements. The action cycle phase involves three activities: planning, implementation, and evaluation. This is the phase where results are produced as the action
when the analyst verifies that they understand what the consumer is looking for in the final product. This ensures that the analyst is then asking the right questions during their analysis of the gathered information. The second step is “…generating hypotheses…” (Heuer, 1999, p. 174), where the analyst tries to identify all plausible hypotheses. One thing the analyst should do during this step is consult coworkers and other subject matter experts, because they may introduce the analyst to new perspectives. The third step is “…collecting information…” (Heuer, 1999, p. 174). Sometimes an analyst needs to gather information beyond what was given to them at the beginning of this process. The fourth step is “…evaluating hypotheses…” (Heuer, 1999, p. 175), where the analyst tries to “…develop arguments against each of their hypotheses…” (Heuer, 1999, p. 175). This forces the analyst to look at the
When you finish this series, you are either going to dislike me, or dislike me more, and I mean this sincerely. The following is a response to the CISO Manifesto, and it is coming from the Security Service Provider / Solutions Provider sector. While I don’t represent my industry as a whole, I will present my view from the technical side of the scope. While I enjoyed the manifesto, I couldn’t help but notice the same tried and true “follow the herd” conformity roles that too many security professionals follow, especially up at the higher end of the spectrum. With that said, this series (because it will be too long to fit into one article) will attempt to offer some insight (or counters) surrounding some of the gripes described in the CISO
Event Reconstruction Phase: This is the final phase of the investigation. In this phase, the investigators assemble the evidence acquired to ascertain the events that took place in the system (Carrier, 2005).
Audit report preparation: This stage of the audit life cycle takes the information from the preliminary analysis and prepares the audit report. The report will follow whatever format the organization agreed upon. Besides the audit findings, the report will contain recommendations and a plan for implementing those recommendations on the project. Before the recommendations are published, they will need to be verified and approved by management.
Phase 1 - Establish the foundation. These alignment and analysis steps are necessary to obtain executive sponsorship and the commitment of resources from all stakeholders. Without a basis of business impact analysis and risk assessment, the plan cannot succeed and may not even be developed.
In the define phase, proposals are formulated, estimated, and tested for feasibility. The results are presented to senior management in order to receive a "go" for the project, which often takes the form of a contract.
13. Which members of an organization are involved in the security system development life cycle? Who leads the process?
Extensively involved in the installation, configuration, and administration of Microsoft Office SharePoint Server 2010/2013 in a medium farm environment