Friday, August 23, 2013

Security System Life Cycle (SDLC)

The Security Systems Development Life Cycle:

 The same phases used in the traditional SDLC may be adapted to support the specialized implementation of an IS project
 Investigation
 Analysis
 Logical design
 Physical design
 Implementation
 Maintenance & change
 Identification of specific threats and creating controls to counter them
Senior Management
 Chief Information Officer (CIO)
 Senior technology officer
 Primarily responsible for advising senior executives on strategic planning
 Chief Information Security Officer (CISO)
 Primarily responsible for assessment, management, and implementation of IS in the organization
 Usually reports directly to the CIO
Information Security Project Team
 A number of individuals who are experienced in one or more facets of required technical and nontechnical areas:
 Champion
 Team leader
 Security policy developers
 Risk assessment specialists
 Security professionals
 Systems administrators
 End users
Data Ownership
 Data owner: responsible for the security and use of a particular set of information
 Data custodian: responsible for storage, maintenance, and protection of information
 Data users: end users who work with information to perform their daily jobs supporting the mission of the organization
Information Security: Is it an Art or a Science?
 Implementation of information security is often described as a combination of art and science
 "Security artisan" idea: based on the way individuals perceive systems technologists since computers became commonplace
Security as Art
 No hard and fast rules nor many universally accepted complete solutions
 No manual for implementing security throughout an entire system
Security as Science
 Dealing with technology designed to operate at high levels of performance
 Specific conditions cause virtually all actions that occur in computer systems
 Nearly every fault, security hole, and systems malfunction is a result of the interaction of specific hardware and software
 If developers had sufficient time, they could resolve and eliminate faults
Security as a Social Science
 Social science examines the behavior of individuals interacting with systems
 Security begins and ends with the people that interact with the system
 Security administrators can greatly reduce levels of risk caused by end users, and create more acceptable and supportable security profiles
