The Role of the Security Analyst in the Systems Development Life Cycle
This paper will proceed in a very logical manner to describe how a sequential development life cycle increases in depth as security is applied. Each major portion of the paper will address a phase of the system development lifecycle. In the end, this document will describe a repeatable process where enterprise security policies allow business requirements to be met through the execution of appropriate security strategies and solutions. How the SDLC couples with data security is reflected in diagram 1.0, on page 2. The catalyst for this document stems from real-life experiences while providing security services to application developers. In light, this document may serve as a guide to developers who would like to understand the security analyst role, developers who wish to incorporate the security analyst skill set into the developer skill set, or to those who lack a general understanding of the relationship between data security and the System's Development Life Cycle (SDLC). This document serves as high level guide to expose the relationship between requisite security considerations and the development life cycle.
1601 (PDF, 2.60MB)
5 May 2005Related Content
Denial of Service Deterrence
Research PaperDenial of Service has been a very useful practice for attackers and continues to remain prevalent...
- 1 Apr 2015
Practical El Jefe
Research PaperEl Jefe is open source process monitoring software for Windows. With this tool, incident handlers...
- 31 Mar 2015
Using Influence Strategies to Improve Security Awareness Programs
Research PaperEven companies with extensive, well-funded security awareness programs fall victim to attacks...
- 25 Oct 2013
Talking Out Both Sides of Your Mouth: Streamlining Communication via Metaphor
Research PaperAs Security is a relatively new field, we are still learning how to communicate what we know with...
- 4 Oct 2013
Information Risks and Risk Management
Research PaperThis brief will cover the various exposures that companies now face as they increasingly rely on...
- 1 May 2013
Surfing the Web Anonymously - The Good and Evil of the Anonymizer
Research PaperCompanies of all sizes spend large amounts of time, resources, and money to ensure that their...
- 8 Oct 2012
Robots.txt
Research PaperAlthough this GIAC gold paper is not about search engine optimization, or SEO, this paper will...
- 31 May 2012
A Process for Continuous Improvement Using Log Analysis
Research PaperGood security is a moving target. Walls and castles were once good defenses against attackers, but...
- 26 Oct 2011
Measuring Psychological Variables of Control In Information Security
Research PaperThe effects of an individual's personal feelings of control over aspects of their health have been...
- 12 Jan 2011
Which Disney(c) Princess are YOU?
Research PaperSocial engineering for identity theft has always been around. But now, with the advent of social...
- 18 Mar 2010
Prelude as a Hybrid IDS Framework
Research PaperOrganizations both Large and Small are constantly looking to improve their posture on security....
- 24 Mar 2009
The Importance of Security Awareness Training
Research PaperOne of the best ways to make sure company employees will not make costly errors in regard to...
- 14 Jan 2009
Vendor-Supplied Backdoor Passwords - A Continuing Vulnerability
Research PaperVendor-Supplied Backdoor Passwords - A Continuing Vulnerability
- 26 Sep 2008
Making Security Awareness Efforts Work for You
Research PaperMaking Security Awareness Efforts Work for You
- 20 May 2008
The Controlled Event Framework for Information Asset Security
Research PaperThe Controlled Event Framework for Information Asset Security
- 20 Feb 2008
Data Leakage - Threats and Mitigation
Research PaperData Leakage - Threats and Mitigation
- 24 Oct 2007
Identity Theft
Research PaperThe act of identity theft can be performed by anyone, it could be family, friends or spouses. The...
- 2 Jul 2007
Social Engineering Your Employees to Information Security
Research PaperThis paper will examine the role and value of Information Security Awareness efforts in the...
- 19 Dec 2006
Building a Security Policy Framework for a Large, Multi-national Company
Research PaperInformation Security is not just technology. It is a process, a policy, and a culture. Our...
- 5 May 2005
A Discussion of Spyware
Research PaperWe have secured our networks, implemented 'defense in depth' enforced strong passwords and educated...
- 28 Jan 2005