Scribd
Upload
131 views3 pages

Software Development Security - SDLC & C&A

The document discusses the seven phases of the Systems Development Life Cycle (SDLC): requirements gathering and analysis, design, implementation/coding/development, testing, deployment, maintenance, and certification and accreditation. It also describes the Capability Maturity Model Integrated (CMMI), which aims to institutionalize predefined delivery practices to increase the probability of successful project completion. The CMMI model has five maturity levels from initial to optimizing.

Uploaded by

Martin Brown
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
131 views3 pages

Software Development Security - SDLC & C&A

The document discusses the seven phases of the Systems Development Life Cycle (SDLC): requirements gathering and analysis, design, implementation/coding/development, testing, deployment, maintenance, and certification and accreditation. It also describes the Capability Maturity Model Integrated (CMMI), which aims to institutionalize predefined delivery practices to increase the probability of successful project completion. The CMMI model has five maturity levels from initial to optimizing.

Uploaded by

Martin Brown
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 3

SDLC & C&A

The (7) Phases of the SDLC:

PLANNING IS FIRST !!!

a. Requirements Gathering & Analysis - main focus of the


project managers and stake holders. Meetings with managers, stake
holders and users are held in order to determine the requirements
like; Who is going to use the system? How will they use the system?
What data should be input into the system? What data should be
output by the system? A Requirement Specification document is
created which acts as a guideline for the next phase of the model.

NOTE:

non-functional requirements describe how the system works

functional requirements describe what the system should do

b. Design - system and software design is prepared from the


requirement specifications which were crafted in the first phase.
System Design helps in specifying hardware and system requirements
and also helps in defining overall system architecture. The system
design specifications serve as input for the next phase of the
model. Architecture, Outputs & Interfaces | Data input, flow &
output defined related to security architecture | Goal is to
transform detailed requirements into a complete, detailed design
document focused on how we are going to deliver required
functionality

c. Implementation / Coding / Development - work is divided


into modules/units and actual coding is started. This is the longest
phase of the software development life cycle.

d. Testing - After the code is developed it is tested


against the requirements to make sure that the product is actually
solving the needs addressed and gathered during the requirements
phase. During this phase all types of functional testing like unit
testing, integration testing, system testing, acceptance testing are
done as well as non-functional testing.

Testing guidance:

1. Test with data that brackets acceptable usage ranges


2. Test with sanitized, known good data, but NEVER
production data
3. IF production data must be used, ALWAYS seek owner
approval
4. Test all changes
5. Separation between testing & production must be
maintained
6. Management should acknowledge results of tests
e. Deployment - After successful testing the product is
delivered / deployed to the customer for their use. Involves the
actual installation of the newly-developed system. Puts the project
into production. Must resolve problems identified in Integration &
testing.

f. Maintenance - Maintain system(s) in production


environment

Certification and Accreditation (Security Authorization) -

Certification - process of evaluating the security architecture of


the software or system against a predetermined set of security
standards or policies. Certification also examines how well the
system performs its intended functional requirements.

Accreditation - acceptance of risk by senior management associated


with operating a system or piece of software for a specified period
of time

2 types: provisional and full

Provisional is for a specific period and outlines required changes


to the applications, system, or accreditation documentation.

Full implies that no changes are required for making the


accreditation decision.

NOTE: management may choose to accredit a system that has failed


certification or may refuse to accredit a system even if it has been
certified correct.

2. Maturity models -

The Capability Maturity Model Integrated (CMMI) is intended to


institutionalize a collection of pre-defined delivery practices and
ensure their consistent execution so as to increase the probability
that a team or organization can successfully complete projects. The
definition of “successful” includes completing the project on time
and in budget.

In CMMI models with a staged representation, there are five maturity


levels designated by the numbers 1 through 5 as shown below:

1. Initial - process is not standardized or repeatable; poorly


controlled and reactive

2. Managed - process is characterized for projects but is often


reactive

3. Defined - process is characterized for the organization and is


proactive

4. Quantitatively Managed - process is measured and controlled

5. Optimizing - focus on process improvement

You might also like