Security Considerations in the System Development Life Cycle


This guide details the steps to integrate information security into the software development lifecycle (SDLC) and related IT projects and initiatives.

To be most effective, information security must be integrated into the SDLC from system inception. Early integration of security in the SDLC enables agencies to maximize return on investment in their security programs, through:

  • Early identification and mitigation of security vulnerabilities and misconfigurations, resulting in lower cost of security control implementation and vulnerability mitigation;
  • Awareness of potential engineering challenges caused by mandatory security controls;
  • Identification of shared security services and reuse of security strategies and tools to reduce development cost and schedule while improving security posture through proven methods and techniques; and
  • Facilitation of informed executive decision making through comprehensive risk management in a timely manner.

This guide focuses on the information security components of the SDLC. First, descriptions of the key security roles and responsibilities that are needed in most information system developments are provided. Second, sufficient information about the SDLC is provided to allow a person who is unfamiliar with the SDLC process to understand the relationship between information security and the SDLC.

This document integrates the security steps into the linear, sequential (a.k.a. waterfall) SDLC. The five-step SDLC cited in this document is an example of one method of development and is not intended to mandate this methodology.

Download Document: Documents are in common file formats such as Microsoft Word (doc), Powerpoint (ppt), Excel (xls,csv,xlsx), and Adobe pdf.
Download


Related Categories




Related Topics



Related Articles


  • 5 Key Principles of Data Security
  • A Guide to Virtualization Security
  • A Socio-technical Framework for Information Security
  • Agile Methodology Guide
  • Are You Ready For the Cloud?
  • Cloud Computing Governance
  • Cloud Computing Security
  • Cloud Computing: Security, Governance and Assurance Perspective
  • Cyberinsecurity: The Cost of Monopoly
  • Deloitte Global Security Survey
  • e-Book - A Guide to Cybersecurity Threats
  • e-Book - Guide to Information Security
  • e-Book - Managing the Systems Life Cycle
  • Enterprise Security Best Practices
  • Ethical Hacking
  • Executive's Handbook of Information Security
  • Global Information Security Survey (2010)
  • Hacking 101
  • Hybrid Web Security
  • Identity Management in Health IT
  • Implementing Cloud Computing
  • Information Security Strategy Guide
  • Information Technology Security
  • Pricewaterhouse Global Information Security Survey 2010
  • Virtualization Security

  • Posted on 04/26/2011 by


    Security Considerations in the System Development Life Cycle author sourabhhajela

    sourabhhajela




    Signup For ThoughtLeader









    Subscribe


    CIO Index

    Our Focus is On Your Agenda

    CIO Index is the world's largest professional network for CIOs - of the CIO, for the CIO, by the CIO. 

    Over 75,000 CIOs and other IT Executives use CIO Index to Learn, Network and Share.

     

    Cioindex, Inc.

    • (+1) 800-309-3550
    • Mon - Fri 9:00am - 5:00 pm
    • 375 North Stephanie St., Ste 1411, Henderson, NV 89014