CMGT/582 - CIS Security and Ethics
June 23, 2014
System Development Life Cycle
“Both risk governance and regulatory requirements emphasize the need for an effective risk management plan. And to effectively manage risk, it is important that definitions of the risk management plan objectives are clear from the start, so that the plan can head in the right direction. Risk management of information assets also provides a strong basis for information security activities, such as controlling risk to the confidentiality, integrity, and availability of information, aligning mitigation efforts with business objectives, and providing cost-effective solutions after analyzing …
NIST Special Publication 800-64, rev. 1, provides an overview of the security considerations for each phase of the SDLC: “Each SDLC phase includes a minimum set of security steps needed to effectively incorporate security into a system during its development. An organization will either use the general SDLC described or will have developed a tailored SDLC that meets their specific needs. Based on NIST recommendation, organizations should incorporate associated IT security steps of the general SDLC into their development process” (Whitman, 2012, p. 24).
Integrating security activities into the SDLC allows organizations to get the