Security Activities in SDLC

SDLC

Source: NIST SP 800-64R2

  • Information Security Policy [NIST SP 800-100 2.2.5]
    An aggregate of directives, rules, and practices that prescribes how an organization manages, protects, and distributes information.
  • Information Security Architecture [NIST SP 800-39 2.4.3]
    A description of the structure and behavior for an enterprise’s security processes, information security systems, personnel and organizational sub-units, showing their alignment with the enterprise’s mission and strategic plans.
  • Generally Accepted Principles and Practices for Securing Information Technology Systems [NIST SP 800-14]
    SP 800-14 is withdrawn in its entirety. Revised content from the original publication can now be found in the following publications:

  • Information Security Program
    Building an information security program means designing and implementing security practices to protect critical business processes and IT assets. These security practices that make up this program are meant to mature over time. An information security program also helps to define policies and procedures for assessing risk, monitoring threats, and mitigating attacks.
