Full Transcript

INFORMATION ASSURANCE AND SECURITY 1
3 PHASES OF THE SECURITY SYSTEMS DEVELOPMENT LIFE CYCLE
MR. DARWIN L. TEBERIO

NO. 2 INFORMATION ASSURANCE AND SECURITY

PHASES OF THE SECURITY SYSTEMS DEVELOPMENT LIFE CYCLE

The main objectives of InfoSec are typically related to ensuring confidentiality, integrity, and availability of company information. Since InfoSec covers many areas, it often involves the implementation of various types of security, including application security, infrastructure security, cryptography, incident response, vulnerability

System Development Life Cycle

An effective System Development Life Cycle (SDLC) should result in a high-quality system that meets customer expectations, reaches completion within time and cost evaluations, and works effectively and efficiently in the current and planned Information Technology infrastructure.

[Figure: SDLC cycle with the phases Planning, Analysis, Design, Implementation, Maintenance]

1. The Systems Development Life Cycle
2. The Security Systems Development Life Cycle
3. Security Professionals and the Organization

The Systems Development Life Cycle

System Development Life Cycle (SDLC) is a conceptual model which includes policies and procedures for developing or altering systems throughout their life cycles. SDLC is used by analysts to develop an information system. SDLC includes the following activities:
• Requirements
• Design
• Implementation
• Testing
• Deployment
• Operations
• Maintenance

Phases of SDLC

Systems Development Life Cycle is a systematic approach which explicitly breaks down the work into the phases that are required to implement either a new or a modified information system.

Feasibility Study or Planning

Define the problem and scope of the existing system. Overview the new system and determine its objectives. Confirm project feasibility and produce the project schedule. During this phase, threats, constraints, integration and security of the system are also considered. A feasibility report for the entire project is created at the end of this phase.

Application lifecycle management

Analysis and Specification

Gather, analyze, and validate the information. Define the requirements and prototypes for the new system. Evaluate the alternatives and prioritize the requirements. Examine the information needs of the end user and enhance the system goal. A Software Requirement Specification (SRS) document, which specifies the software, hardware, functional, and network requirements of the system, is prepared at the end of this phase.

System Design

• Includes the design of the application, network, databases, user interfaces, and system interfaces.
• Transform the SRS document into a logical structure, which contains a detailed and complete set of specifications that can be implemented in a programming language.
• Create a contingency, training, maintenance, and operation plan.
• Review the proposed design. Ensure that the final design meets the requirements stated in the SRS document.
• Finally, prepare a design document which will be used during the next phases.

Implementation

Implement the design into source code through coding. Combine all the modules together into a training environment that detects errors and defects. A test report which contains errors is prepared through a test plan that includes test-related tasks such as test case generation, testing criteria, and resource allocation for testing. Integrate the information system into its environment and install the new system.

Maintenance/Support

• Includes all the activities, such as phone support or physical on-site support for users, that are required once the system is installed.
• Implement the changes that the software might undergo over a period of time, or implement any new requirements after the software is deployed at the customer location.
• It also includes handling residual errors and resolving any issues that may exist in the system even after the testing phase.
• Maintenance and support may be needed for a longer time for large systems and for a short time for smaller systems.

Life Cycle of System Analysis and Design

• The following diagram shows the complete life cycle of the system during the analysis and design phase.

Role of System Analyst

The system analyst is a person who is thoroughly aware of the system and guides the system development project by giving proper directions. He is an expert having the technical and interpersonal skills to carry out the development tasks required at each phase. He seeks to match the objectives of the information system with the organization's goal.

Main Roles

• Defining and understanding the user's requirements through various fact-finding techniques.
• Prioritizing the requirements by obtaining user consensus.
• Gathering facts or information and acquiring the opinions of users.
• Maintaining analysis and evaluation to arrive at an appropriate system that is more user friendly.
• Suggesting many flexible alternative solutions, picking the best solution, and quantifying costs and benefits.
• Drawing up specifications that are easily understood by users and programmers, in precise and detailed form.
• Implementing the logical design of the system, which must be modular.
• Planning the periodicity for evaluation after the system has been used for some time, and modifying the system as needed.

Attributes of a Systems Analyst

The following figure shows the attributes a systems analyst should possess.

Interpersonal Skills

• Interface with users and programmers.
• Facilitate groups and lead smaller teams.
• Managing expectations.
• Good understanding, communication, selling and teaching abilities.
• Motivator having the confidence to solve queries.

Analytical Skills

• System study and organizational knowledge
• Problem identification, problem analysis, and problem solving
• Sound common sense
• Ability to assess trade-offs
• Curiosity to learn about a new organization

Management Skills

• Understand users' jargon and practices.
• Resource & project management.
• Change & risk management.
• Understand the management functions thoroughly.

Technical Skills

• Knowledge of computers and software.
• Keep abreast of modern developments.
• Knowledge of system design tools.
• Breadth of knowledge about new technologies.

What Is Security System Development Life Cycle?

Today, security of software applications and databases has become as important as the software and data itself. Security forms a major aspect of the business development process.

Systems Investigation

1. Directives, normally emanating from top-level management, initiate this investigative process.
2. The overall objective, goal and budget of the project are brought into perspective.

An Information Security Policy is defined which details the various security programs and their implementation plans within the organization.

Systems Analysis

1. In the Systems Analysis phase, detailed analysis of the documents from the investigative phase is done.
2. Existing security policies, software and applications are analyzed and assessed.
3. Current threats, new risks and their associated internal controls are evaluated.
4. During the systems analysis phase, the process of Risk Management commences. Risk Management is defined as the series of processes that identify and evaluate current and future risks and vulnerabilities.

Logical Design

1. The Logical Design phase involves the development of tools and blueprints of the various information security policies.
2. Backup and recovery processes and details of the organization's incident response actions are laid out.
3. Details of the business response action to disaster are carefully planned.

The decision as to whether the project is developed in-house or outsourced is reached during this phase.

Physical Design

This is the point at which the technical teams move into action. The information security technology that will be needed for the implementation of all the blueprints and analysis detailed during the logical design phase is evaluated and acquired.
• During this phase, alternative solutions, investigated for any unforeseen issues which may arise, are analysed and mapped out.
• All the different teams at this point issue their stamp of approval of all processes and the green light is given to proceed.

Implementation

The security solutions decided on and approved are acquired, whether built in-house or outsourced. Adequate documentation is provided on the specifications of the product to ensure project specifications are met. Their implementation and integration processes are rolled out, with various teams carrying out intensive testing to ensure that the solutions meet the requirements outlined in the various blueprints and policies.

Information Security Organizations

Security is an area that can make or break a company. Keeping sensitive digital information private and protecting technical systems from viruses and hackers is critical. Because of this, it is one of the few specialty areas within information technology where companies will continue to invest money even in an economic downturn.

(ISC)² (International Information Systems Security Certification Consortium)

The International Information Systems Security Certification Consortium, or (ISC)², is a highly regarded, global, not-for-profit leader in educating and certifying information security professionals.

ISACA (Information Systems Audit and Control Association)

ISACA is a global professional organization for information governance, control, security and audit professionals. The standards set by ISACA are followed worldwide. They offer several professional certifications, industry publications, and conferences.

AITP (Association of Information Technology Professionals)

The AITP is a society for IT professionals worldwide. It features webinars, conferences, local chapters, awards for professionals and students, a career center with a jobs board, and plenty of networking options. They describe their core values as "integrity, respect, innovation, and service." Founded in 1961 as NMAA (an association for accountants), it evolved into DPMA (for data processing professionals) before taking its current form in 1996. It has over 4500 members nationally.

ITIL (Information Technology Infrastructure Library)

The Information Technology Infrastructure Library (ITIL) is a set of concepts and techniques for managing information technology (IT) infrastructure, development, and operations. ITIL certifications are managed by the ITIL Certification Management Board (ICMB), which is composed of the OGC, IT Service Management Forum International and two examination institutes: EXIN (based in the Netherlands) and ISEB (based in the UK).

Forum of Incident Response and Security Teams

As its name implies, FIRST is a forum that allows information security incident response teams to share their experiences, tips, and information. Beyond the forum itself, the organization holds technical colloquia, sponsors meetings and conferences, and features mailing lists and Web repositories where teams can share information and other resources. To become a member, you must be nominated by an existing member and have a sponsor perform a site visit. Once you're accepted, the organization requires you to comply with rules and bylaws, retaining the power to revoke membership if members do not cooperate.

The SANS Institute

Described as the "most trusted" source for information security training worldwide, SANS offers courses and certifications in a wide variety of security-related niches. It was established in 1989, and its programs have educated thousands of people (currently over 12,000 a year) since then. Founded initially as a research organization, SANS offers many kinds of educational resources for security professionals beyond courses, including blogs, papers, webcasts, and newsletters.

ISSA (Information Systems Security Association)

This nonprofit association focuses on providing networking and professional growth options for cyber security professionals worldwide. They host conferences, organize local chapters and committees, and distribute information through newsletters and a monthly journal. Members must follow the ISSA code of ethics to retain their affiliated status.

CIS (Center for Internet Security)

CIS delivers solutions and information for many security-related needs. It caters more to corporate entities (in both the public and private sectors) than to individuals. The organization provides resources for training and workforce development, compiles reports and case studies on industry topics, and offers various products and services (many of which are free or steeply discounted).

NO. 1 INFORMATION ASSURANCE AND SECURITY 1

1. To summarize, information is a critical part of any organization, and investing in the right service provider keeps your business in safe hands in the ever-expanding IoT (Internet of Things) world.
2. A scalable and customized cyber security-driven business model includes disaster-recovery capabilities and secures data and the underlying infrastructure of the organization, thus building a safe barrier for the information even before it is attacked and saving the organization from a loss of billions of dollars that could result from the security threat.

PN-3.1.1 Systems Development Life Cycle (SDLC)

Pen & Paper or MS Word
Computer (optional)
Cellphone (optional)

PN-3.1.1

1. Think of one industry and apply the concept of SDLC.
2. First, explain the use of SDLC.
3. Create a graphical flow to evaluate the SDLC concept.
4. Illustrate the System Development Life Cycle using a flowchart.

"Sometimes the best thing you can do is not think, not wonder, not imagine, not obsess. Just breathe and have faith that everything will work out for the best."
