Security Considerations in the System Development Life Cycle

This guide details the steps to integrate information security into the software development lifecycle (SDLC) and related IT projects and initiatives.


To be most effective, information security must be integrated into the SDLC from system inception. Early integration of security in the SDLC enables agencies to maximize return on investment in their security programs, through:

  • Early identification and mitigation of security vulnerabilities and misconfigurations, resulting in lower cost of security control implementation and vulnerability mitigation;
  • Awareness of potential engineering challenges caused by mandatory security controls;
  • Identification of shared security services and reuse of security strategies and tools to reduce development cost and schedule while improving security posture through proven methods and techniques; and
  • Facilitation of informed executive decision making through comprehensive risk management in a timely manner.

This guide focuses on the information security components of the SDLC. First, it describes the key security roles and responsibilities needed in most information system developments. Second, it provides enough background on the SDLC for a reader unfamiliar with the process to understand the relationship between information security and the SDLC.

This document integrates the security steps into the linear, sequential (a.k.a. waterfall) SDLC. The five-step SDLC cited in this document is an example of one development method and is not intended to mandate that methodology.




Posted on 04/26/2011 by sourabhhajela