Irene Anderson
CMGT/582 - CIS Security and Ethics
June 23, 2014
Krystal Hall
System Development Life Cycle
“Both risk governance and regulatory requirements emphasize the need for an effective risk management plan. And to effectively manage risk, it is important that definitions of the risk management plan objectives are clear from the start, so that the plan can head in the right direction. Risk management of information assets also provides a strong basis for information security activities, such as controlling risk to the confidentiality, integrity, and availability of information aligning mitigation efforts with business objectives, and providing cost-effective solutions after analyzing …
“Adapting the process includes existing system certifications and evaluations of products. Users of the process must align the process with their program strategies and integrate the activities into their enterprise system life cycle. While the NIACAP maps to any system life cycle process, its four phases are independent of the life cycle strategy. While developed for national security systems, the NIACAP may, at an agency’s discretion, be adapted to any type of IS and any computing environment and mission subject to the policies found in OMB Circular A-130, Appendix III and the standards and guidance issued by the National Institute of Standards and Technology (NIST)” (National Security Telecommunications and Information Systems Security Committee, 2000, p. 1).
NIST Special Publication 800-64, rev. 1, provides an overview of the security considerations for each phase of the SDLC – “Each SDLC phase includes a minimum set of security steps needed to effectively incorporate security into a system during its development. An organization will either use the general SDLC described or will have developed a tailored SDLC that meets their specific needs. Based on NIST recommendation, organizations should incorporate associated IT security steps of the general SDLC into their development process” (Whitman, 2012, p. 24).
Integrating security activities into the SDLC allows organizations to get the