Академический Документы
Профессиональный Документы
Культура Документы
You should note that the degree by which secure development practices may be enforced must
balance the need for security of the system and the productivity of the processes, or you may end
up changing a security problem into a productiity problem in your development processes. A
recommended tool to help find the right balance is the risk assessment table.
SDLC: System or Software Development Life Cycle?
The acronym SDLC can be attributed either to system or software when considering the
development life cycle. In brief, SDLC covers the following structured processes:
• Planning: thinking about and organizing all activities required to develop the system or
software
• Analysis: gaining a better understanding of what is expected from the system or software
• Design: defining the solution to be implemented
• Implementation: executing the activities required to create the system or software and
make it available to users
• Operation: the effective use of the system or software
India: C 905 Krishna Appra Saphire, Vaibhav Khand, Indirapuram. Ghaziabad. UP. India
1 .No. 16, First Floor, 70 HK Bld, Y M Road, Masjid Bunder, West Mumbai, India
UAE: Spark International FZE, PO Box 16111, RAK FTZ, RAK-UAE.
Algeria: No: 2 Etage Batimet Billayat, Cite Eyalarsa, SETIF, ALGERIA.
G2 Consulting
• Maintenance: making changes to the system or software to ensure it does not become
obsolete
• Disposition: discarding the system or software
The fundamental difference regarding the term “System/Software” is that the system development
life cycle comprises not only software, but also hardware, data, people, processes, procedures,
facilities, and materials. ISO (International Organization for Standardization) has some standards
covering both the system (ISO/IEC/IEEE 15288:2015 and ISO/IEC TR 90005:2008) and software
(ISO/IEC 12207:2008 and ISO/IEC 90003:2014) approaches.
India: C 905 Krishna Appra Saphire, Vaibhav Khand, Indirapuram. Ghaziabad. UP. India
2 .No. 16, First Floor, 70 HK Bld, Y M Road, Masjid Bunder, West Mumbai, India
UAE: Spark International FZE, PO Box 16111, RAK FTZ, RAK-UAE.
Algeria: No: 2 Etage Batimet Billayat, Cite Eyalarsa, SETIF, ALGERIA.
G2 Consulting
For more information about secure system engineering principles, see: What are secure
engineering principles in ISO 27001:2013 control A.14.2.5?
The ISO 27001 series also has a set of standards to support security management concepts and
help implement security controls specified to ISO 27002 regarding application security. These are
the standards: ISO/IEC 27034-1:2011, ISO/IEC 27034-2:2015, and ISO/IEC 27034-6:2016.
By adopting SDLC together with A.14 controls from ISO 27001 to securely develop information
systems, an organization can make sure it covers the most common threats and, by treating
security as a process, be systematically and continuously working on maintaining security levels
and keeping its information and systems away from harm, while reaping the benefits of improved
processes.
India: C 905 Krishna Appra Saphire, Vaibhav Khand, Indirapuram. Ghaziabad. UP. India
3 .No. 16, First Floor, 70 HK Bld, Y M Road, Masjid Bunder, West Mumbai, India
UAE: Spark International FZE, PO Box 16111, RAK FTZ, RAK-UAE.
Algeria: No: 2 Etage Batimet Billayat, Cite Eyalarsa, SETIF, ALGERIA.