ACTIVI3

Uploaded by

Richardd Onog
Copyright
© All Rights Reserved

Ave Maria College

COLLEGE OF INFORMATION TECHNOLOGY


HEI Unique Institutional Identifier: 09077
PC 14_IAS 321-Information Assurance and Security 2

Name: _______________________________________ Score: _________________


Program & Year: _____________________________ Date: __________________

Activity 2: Reflection Paper - The Importance of Security Throughout the System Life Cycle

Security in information systems is a multifaceted issue that touches every aspect of technology and, by
extension, modern life. As we continue to delve deep into an era where data breaches and cyber threats
are not just common but expected, the concept of system security has never been more critical.
Fundamental to system security is the understanding that it is not a one-time activity but a continuous
process that is intrinsically tied to the system life cycle, which includes phases such as initiation,
development/acquisition, implementation, operation/maintenance, and disposition.

The system life cycle is a framework that guides the thorough development, deployment, and
decommissioning of a system. Aligning system security principles with each phase is paramount.

During the initiation phase, security requirements are identified alongside system objectives to ensure a
robust security posture from the start. Moving into development and acquisition, security must be
integrated within the system architecture, and secure coding practices must be adopted to mitigate the
risks of vulnerabilities.

As someone who has worked on various technology projects, I have come to appreciate the nuances of
ensuring security from inception. I vividly recall an incident in which a web application we developed
faced a significant security risk because security considerations were not thoroughly integrated during
the development phase. A SQL injection vulnerability was discovered soon after deployment,
something that could have been prevented with proper security coding practices. It taught us an
expensive lesson: neglecting security at any stage is not only dangerous but can have devastating
consequences.

Throughout my studies and experiences, I've seen firsthand how lapses in security can lead to data loss,
financial damage, and a loss of trust and reputation that can be far more debilitating than the immediate
tangible losses. It is this understanding that has significantly changed my perspective on the importance
of security. I've learned to respect the principle of 'security by design,' which is not just a buzzword but
a critical strategy for reducing risks in the increasingly complex and interconnected digital landscape.

However, ensuring continuous security throughout the system life cycle is not without its challenges.
Balancing functionality, performance, and security is an ongoing struggle. It often requires trade-offs
that can sometimes push security lower on the list of priorities. There are also ethical considerations –
like ensuring user privacy and handling data responsibly – which must be integrated within the security
framework.

Moreover, the ever-evolving nature of cyber threats means that system security is a moving target.
What's secure today may not be tomorrow, and keeping up with the latest threats, as well as the legal
and regulatory requirements, adds another layer of complexity.

In conclusion, reflecting on the importance of security throughout the system life cycle reinforces the
idea that security is not an afterthought or a box to be checked upon completion but is rather a guiding
principle that should shape each phase of the system's life. A security-centric approach in system
development not only protects the system and its data but also sustains the trust of users and
stakeholders, thereby underpinning the success and longevity of the system itself. The key takeaway
from my studies, experiences, and observations is that the cost of integrating security at every stage is
far less than the cost of neglecting it—it's an investment into the system's resilience and, ultimately, into
the welfare of those who rely on it.

Risk Identification:
- Objective: To identify all potential threats and opportunities that may impact a project, system, or organization.
- Steps:
  1. Brainstorming sessions with stakeholders to generate a comprehensive list of risks.
  2. Reviewing historical data, industry trends, and lessons learned from previous projects to identify potential risks.
  3. Conducting risk workshops or surveys to gather input from experts and team members.
  4. Utilizing risk identification tools and techniques, such as fault tree analysis, FMEA (Failure Mode and Effects Analysis), or SWOT (Strengths, Weaknesses, Opportunities, and Threats) analysis.

Risk Assessment:
- Objective: To evaluate the identified risks in terms of their likelihood and potential impact.
- Steps:
  1. Assigning likelihood and impact scores to each risk based on qualitative or quantitative analysis.
  2. Calculating the overall risk score for each risk by multiplying likelihood and impact scores.
  3. Prioritizing risks based on their overall risk scores to determine which ones require immediate attention and resources.
  4. Conducting risk analysis workshops or meetings with stakeholders to validate and refine risk assessments.

Risk Control:
- Objective: To develop and implement strategies to mitigate, transfer, accept, or avoid the identified risks.
- Steps:
  1. Identifying and evaluating risk control options for each risk, considering factors such as cost, effectiveness, and feasibility.
  2. Developing risk control plans that outline the specific actions to be taken to address each risk, including responsibilities, timelines, and budgets.
  3. Implementing risk control measures, such as implementing new policies or procedures, enhancing security measures, or purchasing insurance.
  4. Monitoring the effectiveness of risk control measures and making adjustments as needed.