Security System Development Life Cycle (SecSDLC) is defined as the set of procedures that are executed in a sequence in the software development cycle (SDLC). It is designed such that it can help developers to create software and applications in a way that reduces the security risks at later stages significantly from the start.
The Security System Development Life Cycle (SecSDLC) is somewhat same as Software Development Life Cycle (SDLC), but they are differ in terms of the activities that are carried out in each phase of the cycle. SecSDLC eliminates security vulnerabilities, its process involves the identification of certain threats and the risks that those threats represent on system as well as the needed implementation of security controls to counter, remove and manage the risks involved. Whereas, in the SDLC process, the focus is mainly on the designs and implementations of an information system.
Phases involved in SecSDLC are:
- System Investigation:
This process is started by the officials/directives working at the top level management in the organisation. The objectives and the goals of project is considered priorly in order to execute this process. An Information Security Policy is defined which contains the descriptions of security applications and programs installed along with their implementations in organisation’s system.
- System Analysis:
In this phase detailed document analysis of the documents from the System Investigation phase are done. Already existing security policies, applications and software are analysed in order to check for different flaws and vulnerabilities in the system. Upcoming threat possibilities are also analyzed. Risk management comes under this process only.
- Logical Design:
The Logical Design phase deal with the development of tools and the following blueprints that are involved in various information security policies their applications and software. Backup and recovery policies are also drafted in order to prevent future losses. In case of any disaster the steps to take in business are also planned. The decision for outsourcing the company project is decided in this phase. It is analyzed whether the project can be completed in the company itself or it needs to be sent to another company for the specific task.
- Physical Design:
The technical teams acquires the tools and blueprints needed for the implementation of the software and application of the system security. During this phase different solutions are investigated for any unforeseen issues which may be encountered in the future, they are analysed and written down in order to cover the most of the vulnerabilities that were missed during the analysis phase.
The solution decided in earlier phases are made final whether the project being in-house or outsource the proper documentation are provided of the product in order to meet the requirements specified for the project to be met. Implementation and the integration process of the project are carried out with the help of various teams aggressively testing whether the product meets the system requirements specified in the system documentations.
After the implementation of the security program it must be insured that it is functioning properly and is managed accordingly. The security program must be kept up to date accordingly in order to counter new threats that can be left unseen at the time of design.
These were the steps that were involved in the SecSDLC cycle with their brief description.
Attention reader! Don’t stop learning now. Get hold of all the important CS Theory concepts for SDE interviews with the CS Theory Course at a student-friendly price and become industry ready.