Essay on System Development Life Cycle

1231 WordsSep 7, 20145 Pages
System Development Life Cycle Irene Anderson CMGT/582 - CIS Security and Ethics June 23, 2014 Krystal Hall System Development Life Cycle “Both risk governance and regulatory requirements emphasize the need for an effective risk management plan. And to effectively manage risk, it is important that definitions of the risk management plan objectives are clear from the start, so that the plan can head in the right direction. Risk management of information assets also provides a strong basis for information security activities, such as controlling risk to the confidentiality, integrity, and availability of information aligning mitigation efforts with business objectives, and providing cost-effective solutions after analyzing…show more content…
Table 1-2, (Whitman, 2012, p. 28). The Information Technology (IT) Security Certification and Accreditation (C&A) process evaluates the implementation of an IT system or site against its security requirements. The process produces evidence used by a designated manager as part of the basis for making an informed decision about operating that IT system or site. The NSTISSI2 NATIONAL INFORMATION SYSTEMS SECURITY (INFOSEC) GLOSSARY No. 4009 September 2000 defines certification as a “comprehensive evaluation of the technical and non-technical security safeguards of an IS to support the accreditation process that establishes the extent to which a particular design and implementation meets a set of specified security requirements” and accreditation is a “formal declaration by a Designated Approving Authority (DAA) that an IS is approved to operate in a particular security mode at an acceptable level of risk, based on the implementation of an approved set of technical, managerial, and procedural safeguards” (SANS Institute, 2007, p. 1). “The NIACAP establishes a standard national process, set of activities, general tasks, and a management structure to certify and accredit systems that will maintain the information assurance (IA) and security posture of a system or site” (National Security Telecommunications and Information Systems Security Committee, 2000). The

More about Essay on System Development Life Cycle

Open Document