Archive for SDLC Framework

Holistic Information System Security

Too often, we think about and plan our information security in terms of protecting pieces of the system. We use firewalls and Anti-Virus (AV) software and intrusion detection and integrity checking and many more techniques to provide needed protections to various pieces. But we may not be paying enough attention to the gaps between the […]

Cloud Security as an Interconnection

Connecting your information system to a cloud is an interconnection. NIST guidance on handling the security of interconnections is documented in SP 800-47 “Security Guide for Interconnecting Information Technology Systems”. The security protections required for an interconnection will depend upon the nature of the connection being established. If the connection uses a clearly limited profile […]

Interconnection Security

The most fundamental reason to interconnect systems is to share data, but that can be accomplished at a variety of levels. A system interconnection can be limited and simple, using email to transfer data between systems, or it could allow two databases to share data. It can be a connection that is only used when […]

Patch and Vulnerability Management

NIST 800-40 “Creating a Patch and Vulnerability Management Program” describes the functions and processes that a patch and vulnerability management program should cover in order to maintain effective security.

Importance of patch management

As operating systems, applications and utility tools continue to manifest exploitable flaws, rapid application of security patches becomes critical to security. Attackers […]

Inventory

Inventory is one of the earliest processes in the System Development Life Cycle (SDLC) and also one of the most critical. It is a sub-process of both the System Characterization process and the Configuration Management process, and its output either directly feeds many other processes or has significant influence over them. An accurate […]

Implementation

In addition to the IMPLEMENTATION Phase of the SDLC, smaller pieces of the general implementation process are scattered across other parts of the framework.

Processes and Controls

Here are some processes across the SDLC Framework and related controls.

Disposal Phase

Information needs to be preserved, then media sanitized, then hardware and software can be disposed of properly. Documentation must be updated.

Operations and Maintenance Phase

Configuration management continues with monitoring and a change control process. Continuous monitoring checks critical security components. Any changes to the usual suspects must be updated.

Implementation and Assessment Phase

Integration of security controls, Certification & Accreditation and documentation updates.