Archive for SDLC Framework

Patch and Vulnerability Management

NIST 800-40 “Creating a Patch and Vulnerability Management Program” describes the functions and processes that a patch and vulnerability management program should cover in order to maintain effective security.

Importance of patch management

As operating systems, applications and utility tools continue to manifest exploitable flaws, rapid application of security patches becomes critical to security. Attackers [...]

Inventory

Inventory is one of the earliest processes in the System Development Life Cycle (SDLC) and also one of the most critical. It is a sub-process of both the System Characterization process and the Configuration Management process, and its output either directly feeds many other processes or has significant influence over them. An accurate [...]

Implementation

In addition to the IMPLEMENTATION Phase of the SDLC, smaller pieces of the general implementation process are scattered across other parts of the framework.

Processes and Controls

Here are some processes across the SDLC Framework and related controls.

Disposal Phase

Information needs to be preserved, then media sanitized, then hardware and software can be disposed of properly. Documentation must be updated.

Operations and Maintenance Phase

Configuration management continues with monitoring and a change control process. Continuous monitoring checks critical security components. Any changes to the usual suspects must be updated.

Implementation and Assessment Phase

Integration of security controls, Certification & Accreditation and documentation updates.

Initiation Phase

This is where the need and purpose for the information system is defined and documented. This includes System Characterization and the beginnings of Risk Assessment.

The Framework

The SDLC framework is a multi-step outline that describes the life cycle of an information system.