Question

The text book on page 123 introduces the concept of a secure system development lifecycle (SecSDLC). If you were running an information security program, what would be the key activities you would want to ensure are occurring before systems are promoted to production?

Answer #1

Generally speaking, a secure SDLC is set up by adding security-related activities to an existing development process. For example, writing security requirements alongside the collection of functional requirements, or performing an architecture risk analysis during the design phase of the SDLC.

There are definitely some actions that can be taken in your day-to-day activities to improve the security posture of your organization, including:

  • Educate yourself and co-workers on the best secure coding practices and available frameworks for security.
  • Consider security when building/planning for test cases.
  • Use code scanning tools such as SecureAssist, Coverity, and AppScan Source.

The three security goals, confidentiality, integrity, and availability, should be secured.

Here are certain components and documentation that your security program should include:

Charter — Your charter is an organizationally-approved document that defines how your security program will work in the context of the overall organization, with things such as scope, mission, mandate, and other things.

Policies — These define how your organization will address security issues. Policies are derived from your requirements and establish the standards and guidelines for your program.

Processes — Your processes are the procedures that ensure your security program is both repeatable and efficient. This document will help you identify the business rules, roles and responsibilities, and tools your organization will use to perform security activities.

Measurement — This is one of the most important security program components. Measuring how your program is performing in your environment will help you determine what improvements need to be made.
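As an added illustration (not part of the answer above), the following Python sketches a pre-production promotion gate: it checks that each SecSDLC activity the answer lists (security requirements, architecture risk analysis, security test cases, code scanning) has evidence, blocks on unresolved high-severity scan findings or failing security tests, and emits counts for the measurement component. The evidence layout, activity names and severity thresholds are assumptions for this example.

```python
from dataclasses import dataclass, field

# Assumed policy for this example: activities that must show evidence before
# promotion, and static-scan severities that block a release outright.
REQUIRED_ACTIVITIES = (
    "security_requirements",       # written alongside functional requirements
    "architecture_risk_analysis",  # performed during design
    "security_test_cases",         # security considered in test planning
    "static_code_scan",            # output of a code scanning tool
)
BLOCKING_SEVERITIES = {"critical", "high"}

@dataclass
class GateResult:
    promote: bool
    blockers: list = field(default_factory=list)
    metrics: dict = field(default_factory=dict)  # feeds the measurement component

def evaluate_release(evidence: dict) -> GateResult:
    # evidence maps activity name -> artifact dict in the constructed format below
    result = GateResult(promote=True)
    for activity in REQUIRED_ACTIVITIES:
        if not evidence.get(activity, {}).get("completed"):
            result.blockers.append(f"missing evidence: {activity}")
    # Only unresolved scanner findings count against the release.
    open_by_sev: dict = {}
    for f in evidence.get("static_code_scan", {}).get("findings", []):
        if not f.get("resolved"):
            open_by_sev[f["severity"]] = open_by_sev.get(f["severity"], 0) + 1
    for sev in sorted(BLOCKING_SEVERITIES & open_by_sev.keys()):
        result.blockers.append(f"{open_by_sev[sev]} open {sev} finding(s) in static scan")
    failed = [t["id"] for t in evidence.get("security_test_cases", {}).get("cases", [])
              if t.get("status") != "pass"]
    if failed:
        result.blockers.append("security tests not passing: " + ", ".join(failed))
    result.metrics = {"open_findings": open_by_sev, "failed_security_tests": len(failed)}
    result.promote = not result.blockers
    return result

# Constructed sample evidence for one release candidate.
SAMPLE_EVIDENCE = {
    "security_requirements": {"completed": True},
    "architecture_risk_analysis": {"completed": False},
    "security_test_cases": {"completed": True, "cases": [
        {"id": "ST-1", "status": "pass"}, {"id": "ST-2", "status": "fail"}]},
    "static_code_scan": {"completed": True, "findings": [
        {"id": "F-1", "severity": "high", "resolved": False},
        {"id": "F-2", "severity": "high", "resolved": True},
        {"id": "F-3", "severity": "medium", "resolved": False}]},
}
```

Running `evaluate_release(SAMPLE_EVIDENCE)` blocks the release on the missing risk analysis, the open high finding and the failing test, while `metrics` gives the program something to trend over time.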
