The security systems development life cycle (secsdlc), Computer Network Security

The Security Systems Development Life Cycle (SecSDLC)

The same phases which is used in traditional SDLC can be adapted to support specialized implementation of IS project,At its center, implementing information security includes Identifying of specific threats and creating special controls to counter them.

 Investigation

The investigation phase of SecSDLC starts with a directive from upper management, dictating or Identifies the process, goals, outcomes, budget and constraints of project. This phase begins with the enterprise information security policy that outlines the implementation of a security program within organization. Organizational feasibility analysis can be performed to determine whether the organization has resources and commitment required to conduct a successful security analysis and design.

Analysis

In analysis phase, the documents from investigation phase are studied properly. The development team conducts a preliminary analyzes existing security policies or programs, along with the documented current threats and connected controls. This phase includes analysis of relevant legal issues also which could impact design of the security solution. The risk management task begins from this stage.

 Logical Design

The logical design phase creates and develops blueprints for information security and examines and implements key policies which influence the decisions. The team plans the incident response actions to be taken in the event of the partial or catastrophic loss. The planning answers following questions:

•    Continuity planning – How will business they continue in the event of loss?
•    Incident response - What steps should be taken when the attack is observed?
•    Disaster recovery – What should be done to recover information and vital systems immediately when the disastrous event has occured?

 Physical Design


In physical design phase, the information security technology required to support the blueprint outlined in the logical design can be evaluated, alternative solutions generated, feasibility study and final design agree upon.

 Implementation

In implementation phase in of SecSDLC is similar to that of the traditional SDLC. The security solutions are acquired, tested, implemented, and tested again. Personal issues are evolved, and specific training and education programs are conducted. Finally, the whole tested package is presented to upper management for the final approval.

Maintenance and Change

In this phase, given the current ever changing threat environment. Reparation and restoration of information is a constant duel with the unseen adversary. Information security profile of the organization requires constant adaptation as new threats emerge and old threats expand.

Posted Date: 10/8/2012 5:33:37 AM | Location : United States







Related Discussions:- The security systems development life cycle (secsdlc), Assignment Help, Ask Question on The security systems development life cycle (secsdlc), Get Answer, Expert's Help, The security systems development life cycle (secsdlc) Discussions

Write discussion on The security systems development life cycle (secsdlc)
Your posts are moderated
Related Questions
How much would it cost to have a project completed by tomorrow night?

Q. Explain the random key distribution? The triple key management mechanisms ensure a better and complete security solution using the random key distribution mechanism. In this

Ask You have been asked by a new client to assist in setting up a new computer for her coffee shop. She has just purchased the newest Apple computer from an online site. Should wou

QUESTION Testing of a Business Continuity Plan (BCP) does not need to be costly or to interrupt the daily operations of the business. The result of the test should also be look

The key concepts and frameworks covered in modules 1-4 are particularly relevant for this assignment. Assignment 2 relates to the specific course learning objectives 1, 2 and 3:

(a) Illustrate what you understand by Nyquist Capacity Theorem? (b) Consider we wish to transmit at a rate of 64 kbps over a 4 kHz noisy but error-free channel. What is the mini

Question : a) Below is a capture of an Ethernet II frame which contains an IPv4 packet and a TCP segment. Give the source MAC address for the frame in hexadecimal; the source I

Question: (a) African governments are slowly shifting to more transparent ICT regulations. However, but limited spectrum availability remains a key barrier to sustaining lon

What is one-time pad for encryption?  Describe how it offers both Confusion and Diffusion. Using the letter encoding discussed in class (along with one-time

Ethernet is a commonly used LAN technology. It was discovered at EXROX PARC(Palo Alto Research Center) in 1970s.Xerox, Intel and Digital described it in a standard so it is also kn