The security systems development life cycle (secsdlc), Computer Network Security

Assignment Help:

The Security Systems Development Life Cycle (SecSDLC)

The same phases which is used in traditional SDLC can be adapted to support specialized implementation of IS project,At its center, implementing information security includes Identifying of specific threats and creating special controls to counter them.

 Investigation

The investigation phase of SecSDLC starts with a directive from upper management, dictating or Identifies the process, goals, outcomes, budget and constraints of project. This phase begins with the enterprise information security policy that outlines the implementation of a security program within organization. Organizational feasibility analysis can be performed to determine whether the organization has resources and commitment required to conduct a successful security analysis and design.

Analysis

In analysis phase, the documents from investigation phase are studied properly. The development team conducts a preliminary analyzes existing security policies or programs, along with the documented current threats and connected controls. This phase includes analysis of relevant legal issues also which could impact design of the security solution. The risk management task begins from this stage.

 Logical Design

The logical design phase creates and develops blueprints for information security and examines and implements key policies which influence the decisions. The team plans the incident response actions to be taken in the event of the partial or catastrophic loss. The planning answers following questions:

•    Continuity planning – How will business they continue in the event of loss?
•    Incident response - What steps should be taken when the attack is observed?
•    Disaster recovery – What should be done to recover information and vital systems immediately when the disastrous event has occured?

 Physical Design


In physical design phase, the information security technology required to support the blueprint outlined in the logical design can be evaluated, alternative solutions generated, feasibility study and final design agree upon.

 Implementation

In implementation phase in of SecSDLC is similar to that of the traditional SDLC. The security solutions are acquired, tested, implemented, and tested again. Personal issues are evolved, and specific training and education programs are conducted. Finally, the whole tested package is presented to upper management for the final approval.

Maintenance and Change

In this phase, given the current ever changing threat environment. Reparation and restoration of information is a constant duel with the unseen adversary. Information security profile of the organization requires constant adaptation as new threats emerge and old threats expand.


Related Discussions:- The security systems development life cycle (secsdlc)

Explain web defacement, QUESTION (a) Compare and contrast phishing and ...

QUESTION (a) Compare and contrast phishing and pharming attacks (b) Nowadays, web defacement may not always be visual (i) Explain web defacement (ii) What is the main

Technology, how can you enter the ASVAB practice test on line?

how can you enter the ASVAB practice test on line?

Risk control strategies-risk management, Risk Control Strategies Once th...

Risk Control Strategies Once the ranked vulnerability risk worksheet has created, they should choose one of following 4 strategies to control each risk: •    Apply safeguards wh

Explain the approaches to lric modeling, (a) Cost allocation mechanisms ar...

(a) Cost allocation mechanisms are important when it comes to establishing other aspects of inter-firm compensations and how these are transferred to the users. There are two pri

Briefly explain the contents of the needs analysis, QUESTION (a) Brief...

QUESTION (a) Briefly explain the contents of the Needs Analysis, which is step in the process of network design. (b) Describe on the three ways of improving the performan

Base lining-risk management, Base lining •    Organizations do not have ...

Base lining •    Organizations do not have any contact to each other •    No two organizations are identical to each other •    The best practices are a moving target •    K

What do you understand by the term integrity, Question: (a) What do yo...

Question: (a) What do you understand by the term "integrity"? (b) Which type of attack denies authorized users access to network resources? (c) You have discovered tha

Direct point-to-point communication:, Early networks used simple point-to...

Early networks used simple point-to-point communication . In such a method of communication every communication channel connects exactly two devices. In this way it prepares a m

Describe the role of dns root servers in network, QUESTION (a) Describ...

QUESTION (a) Describe the role of DNS root servers in the Internet network. (b) What do you understand by the handover concept in a mobile network? (c) List five meth

Write Your Message!

Captcha
Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd