THE SYSTEMS DEVELOPMENT LIFE CYCLE
• Methodology: formal approach to problem solving based on structured sequence of procedures
• Using a methodology:
  • Ensures a rigorous process
  • Increases probability of success
SYSTEMS DEVELOPMENT LIFE CYCLE
• Identification of specific threats and creating controls to counter them
• SecSDLC is a coherent program rather than a series of random, seemingly unconnected actions
BASIC IDEA OF SECSDLC
• Investigation – The investigation phase of the SecSDLC begins with a directive
from upper management specifying the process, outcomes, and goals of the
project, as well as its budget and other constraints.
• Logical Design – In the logical design phase, team members create and
develop the blueprint for security, and examine as well as implement key
policies that influence later decisions.
• Physical Design – In the physical design phase, team members evaluate the
technology needed to support the security blueprint, generate alternative
solutions, and agree upon a final design.
• Create system solution as per business requirement.
• Applications are selected to provide
  • Service
  • Data support
  • Needed input
• No references to specific technology, vendor & product.
• Alternative solutions proposed, with their
  • Strengths & weaknesses
  • Cost & benefits
• Another feasibility analysis performed
Physical Design
• Select specific technology for implementation
• Decide make or buy
• Perform another feasibility analysis
• Present the design to the higher management for approval

• Risk Assessment – Identify the protection requirement through a formal risk assessment process.
• Security Functional Requirement Analysis
  o System security environment
  o Security functional requirement
• Security Assurance Requirement – Development activities are required to assure, by producing evidence, that the information security will work correctly and effectively.
• Cost consideration and reporting – How much cost can be attributed to information security
• Security Plan – Ensure that agreed-upon security controls are properly planned or in place and fully documented.
• Security Control Development – Ensure security controls are designed, developed and implemented as per security plan.
• Developmental security test and evaluation.
Implementation