Benefits of integrating security into SDLC

8 Feb

The system development life cycle is the overall process of developing, implementing,
and retiring information systems through a multistep process from initiation, analysis,
design, implementation, and maintenance to disposal. There are many different SDLC
models and methodologies, but each generally consists of a series of defined steps or
phases. For any SDLC model that is used, information security must be integrated into
the SDLC to ensure appropriate protection for the information that the system will
transmit, process, and store.

Applying the risk management process to system development enables organizations to
balance requirements for the protection of agency information and assets with the cost of
security controls and mitigation strategies throughout the SDLC. Risk management
processes identify critical assets and operations, as well as systemic vulnerabilities across
the organization. Risks are often shared throughout the organization and are not specific
to certain system architectures.

Some of the benefits of integrating security into the system development life cycle
include:

  •  Early identification and mitigation of security vulnerabilities and problems with
     the configuration of systems, resulting in lower costs to implement security
     controls and mitigation of vulnerabilities;

  •  Awareness of potential engineering challenges caused by mandatory security
     controls;

  •  Identification of shared security services and reuse of security strategies and tools
     that will reduce development costs and improve the system’s security posture
     through the application of proven methods and techniques;

  •  Facilitation of informed executive decision making through the application of a
     comprehensive risk management process in a timely manner;

  •  Documentation of important security decisions made during the development
     process to inform management about security considerations during all phases of
     development;

  •  Improved organization and customer confidence to facilitate adoption and use of
     systems, and improved confidence in the continued investment in government
     systems; and

  •  Improved systems interoperability and integration that would be difficult to
     achieve if security is considered separately at various system levels.

Source: http://www.itl.nist.gov/lab/bulletns/b-04-09.pdf

2 Responses to “Benefits of integrating security into SDLC”

  1. sad111353781 February 27, 2013 at 7:23 pm #

    Really good blog🙂

  2. sad111456588 February 28, 2013 at 9:18 pm #

    very thorough! good job🙂
