
SDLC & SSDLC

Phase 1: Investigation

Steps common to both the systems development life cycle and the security systems development life cycle:
    Outline project scope and goals
    Estimate costs
    Evaluate existing resources
    Analyze feasibility

Steps unique to the security systems development life cycle:
    Management defines project processes and goals and documents these in the program security policy

Phase 2: Analysis

Steps common to both the systems development life cycle and the security systems development life cycle:
    Assess current system against plan developed in Phase 1
    Develop preliminary system requirements
    Study integration of new system with existing system
    Document findings and update feasibility analysis

Steps unique to the security systems development life cycle:
    Analyze existing security policies and programs
    Analyze current threats and controls
    Examine legal issues
    Perform risk analysis

Phase 3: Logical Design

Steps common to both the systems development life cycle and the security systems development life cycle:
    Assess current business needs against plan developed in Phase 2
    Select applications, data support, and structures
    Generate multiple solutions for consideration
    Document findings and update feasibility analysis

Steps unique to the security systems development life cycle:
    Develop security blueprint
    Plan incident response actions
    Plan business response to disaster
    Determine feasibility of continuing and/or outsourcing the project

Phase 4: Physical Design

Steps common to both the systems development life cycle and the security systems development life cycle:
    Select technologies to support solutions developed in Phase 3
    Select the best solution
    Decide to make or buy components
    Document findings and update feasibility analysis

Steps unique to the security systems development life cycle:
    Select technologies needed to support security blueprint
    Develop definition of successful solution
    Design physical security measures to support technological solutions
    Review and approve project

Phase 5: Implementation

Steps common to both the systems development life cycle and the security systems development life cycle:
    Develop or buy software
    Order components
    Document the system
    Train users
    Update feasibility analysis
    Present system to users
    Test system and review performance

Steps unique to the security systems development life cycle:
    Buy or develop security solutions
    At end of phase, present tested package to management for approval

Security Professionals and the Organization

    Wide range of professionals required to support a diverse information security program
    Senior management is key component; also, additional administrative support and technical expertise are required to implement details of IS program

Senior Management

Chief Information Officer (CIO)
    Senior technology officer
    Primarily responsible for advising senior executives on strategic planning

Chief Information Security Officer (CISO)
    Primarily responsible for assessment, management, and implementation of IS in the organization
    Usually reports directly to the CIO
