Tuesday, November 11, 2014


Chapter 10: System Development Life Cycle
  • A life cycle is a representation of development changes and a project has the following life cycle: initiation, planning, execution and controlling, and closure.
  • A system's life cycle consist of the following phases: initiation, acquisition/development, implementation, operation/maintenance, and disposal. 
  • The basic components of the system development life cycle:
    • Initiation is needed for a new system to be defined
      • When the company establishes a need for a specific system
      • Answer the questions "What do we need and why do we need it?"
      • Primary risk assessment is carried out to develop an initial description of the confidentiality, integrity, and availability requirements of the system.
        • the assessment defines the environment in which the system will operate within any identified vulnerabilities.
    • Acquisition/development is when a new system is either created or purchased
      • "buy" or "build" decision - the organization needs to evaluate ithe need for the system and see if it can be developed in-house or if it needs to be purchased from a vendor.
      • Activities that need to take place:
        • Requirements analysis
        • Formal risk assessment
        • Security functional requirements analysis
        • Security assurance requirements analysis
        • Third-party evaluations
        • Security plan
        • Security test and evaluation plan
    • Implementation is when a new system is installed into production environment
      • Before a system can be formally installed within the production environment a certification and accreditation (C&A) processes has to be performed.
      • Certification: the technical testing of a system.
      • Accreditation: formal authorization given by management to allow a system to operate in a specific environment.
    • Operation/maintenance is when the system is used and cared for
      • Within the implementation phase, baselines were set pertaining to the system's hardware, software, and firmware configuration.
      • In the operation/maintenance phase, continuous monitoring needs to take place to ensure that the baselines are always met. 
    • Disposal is when the system is removed from the production environment
      • Disposal activities need to ensure that orderly termination of systems that no longer provide a needed function can take place and all the necessary data are preserved.
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)