Security Activities in SDLC

Figure: NIST SDLC (Source: NIST SP 800-64R2; note that SP 800-64 Rev. 2 has since been withdrawn by NIST, so treat it as historical guidance)

  • Information Security Policy [NIST SP 800-100 2.2.5]
    An aggregate of directives, rules, and practices that prescribes how an organization manages, protects, and distributes information.
  • Information Security Architecture [NIST SP 800-39 2.4.3]
    A description of the structure and behavior for an enterprise’s security processes, information security systems, personnel and organizational sub-units, showing their alignment with the enterprise’s mission and strategic plans.
  • Generally Accepted Principles and Practices for Securing Information Technology Systems [NIST SP 800-14]
    SP 800-14 is withdrawn in its entirety. Revised content from the original publication can now be found in the following publications:

  • Information Security Program
    Building an information security program means designing and implementing the security practices that protect critical business processes and IT assets. The practices that make up the program are expected to mature over time. An information security program also defines the policies and procedures for assessing risk, monitoring threats, and mitigating attacks.
