Module 11 Notes

The systems development life cycle (SDLC) is a fundamental part of organizations for designing and implementing information systems. It consists of different phases like investigation, analysis, design, implementation, and maintenance. There are traditional waterfall methods as well as agile approaches like rapid application development. The National Institute of Standards and Technology provides guidance on security considerations for each phase of the SDLC. Information security project management must realize that implementing projects takes time, effort, communication, and coordination through project planning tools like a work breakdown structure.

Systems development life cycle

- SDLC
- Fundamental part of the organization for designing and implementing an information
system
- Different phases depending on the methodology deployed; typically addresses:
- Investigation, analysis, design, implementation and maintenance.
- Organizations have their own set of needs.
- Joint application development (JAD)
- Defines specifications and creates systems.
- Rapid application development (RAD)
- Used to increase the speed at which requirements are collected and software is
prototyped, allowing more iterations in the design process.
- Agile programming
- Extreme programming

- Methodology
- Approach to solving a problem based on a structured sequence of procedures.
- SDLC is an example.

Traditional Methods:
- Waterfall model
- SDLC in which each phase flows from the information gained in the previous
phase with multiple opportunities to return to previous phases and make
adjustments.
- Investigation
- First phase and most important
- What problem is the system solving? Begins by examining event or plan that
initiates the process.
- Objectives, constraints and scope of the project are specified.
- Analysis
- Uses the information gained during the investigation phase. Consists of assessments of
the organization, its current systems, and its capability to support the proposed
systems.
- Logical Design
- Information gained from the analysis phase is used to begin creating a systems
solution for a business problem.
- Implementation independent.
- Addresses how the proposed system will solve the problem.
- Physical Design
- Specific technologies are selected to support the alternatives identified and
evaluated in the logical design.
- Components are evaluated based on a make-or-buy decision.
- Implementation
- Any needed software is created.
- Components are ordered, received and tested.
- Users are trained and supporting documentation is created.
- Maintenance and Change
- Longest and most expensive process.
- Consists of tasks necessary to support and modify the system for the remainder
of its useful life cycle.

Software Assurance
- Approach to software development
- Attempts to intentionally create software free of vulnerabilities and provide effective,
efficient software that users can deploy with confidence.

- The U.S. DoD launched a software assurance initiative in 2003, led by Joe Jarzombek.


- The initiative resulted in the publication of the Software Assurance (SwA) Common Body of Knowledge.

Software Design Principles:


- Good development results in a finished product that meets all design specifications.
- Information security is a crucial part of software design.

NIST Approach to Securing SDLC


- NIST has adopted a simplified SDLC for its approach, with five phases:
- Initiation, development, implementation, operation and disposal.
- Each should consider the security of the system being made as well as information
used.
- Implementing organization is responsible for ensuring its secure use.
- NIST Special Publication 800-64 Rev. 2
- Provides an overview of security considerations for each phase of the SDLC.

Info sec project management


- Information security project management must realize that implementing an IS project takes time,
effort and a great deal of communication and coordination.
- Project management
- Process of identifying and controlling the goals, objectives, tasks, scheduling and
resources of a project.
- Project plan
- Instructs the people who are executing the implementation phase.
- Focus on security control changes needed to improve security of hardware,
software, procedures, data and people that make up the IS.

Developing Project Plans


- Work breakdown structure (WBS)
- List of the tasks to be accomplished in a project, the skill sets or individuals needed to
perform the tasks, the start/end dates, and the resources required.
- Projectitis
- A condition in which the project manager spends more time working with the project
management software than accomplishing meaningful work.
