Warning: Use of undefined constant add_shortcode - assumed 'add_shortcode' (this will throw an Error in a future version of PHP) in /nfs/c03/h04/mnt/49321/domains/hackingtheuniverse.com/html/wp-content/plugins/stray-quotes/stray_quotes.php on line 615

Warning: Use of undefined constant MSW_WPFM_FILE - assumed 'MSW_WPFM_FILE' (this will throw an Error in a future version of PHP) in /nfs/c03/h04/mnt/49321/domains/hackingtheuniverse.com/html/wp-content/plugins/wordpress-file-monitor/wordpress-file-monitor.php on line 39
SDLC Framework

SDLC Framework

SDLC = System Development Life Cycle

The Framework

The Framework

The SDLC framework is a multi-step outline that describes the life cycle of an information system.
(…more)

Initiation Phase

Initiation Phase

This is where the need and purpose for the information system is defined and documented. This includes System Characterization and the beginnings of Risk Assessment.
(…more)

Acquisition and Development Phase

Acquisition and Development Phase

Defining the security requirements, including risk assessment and security controls. Security planning involves documenting these requirements and preventative controls.
(…more)

Implementation and Assessment Phase

Implementation and Assessment Phase

Integration of security controls, Certification & Accreditation and documentation updates.
(…more)

Operations and Maintenance Phase

Operations and Maintenance Phase

Configuration managment continues with monitoring and a change control process. Continuous monitoring checks critical security components. Any changes to the usual suspects must be updated.
(…more)

Disposal Phase

Disposal Phase

Information needs to be preserved, then media sanitized, then hardware and software can be disposed of properly. Documentation must be updated.
(…more)

Processes and Controls

Processes and Controls

Here are some processes across the SDLC Framework and related controls.
(…more)

Implementation

Implementation

In addition to the IMPLEMENTATION Phase of the SDLC, smaller pieces of the general implementation process are scattered across other parts of the framework.
(…more)

Patch and Vulnerability Management

NIST 800-40 “Creating a Patch and Vulnerability Management Program” describes the functions and processes that a patch and vulnerability management program should cover in order to maintain effective security. Importance of patch management As operating systems, applications and utility tools continue to manifest exploitable flaws, rapid application of security patches becomes critical to security. Attackers […]

Continuous Monitoring

Continuous monitoring is about keeping an ongoing watch on how well your security controls are doing their job. NIST introduced this idea back in 2004 when they were also evangelizing about the Authorization process, then known as Certification and Accreditation (or C&A). By law (FISMA), NIST supplies federal organizations with security guidance, which can be […]