Security Activities in SDLC

Source: NIST SP 800-64R2

  • Information Security Policy [NIST SP 800-100 2.2.5]
    An aggregate of directives, rules, and practices that prescribes how an organization manages, protects, and distributes information.
  • Information Security Architecture [NIST SP 800-39 2.4.3]
    A description of the structure and behavior for an enterprise’s security processes, information security systems, personnel and organizational sub-units, showing their alignment with the enterprise’s mission and strategic plans.
  • Generally Accepted Principles and Practices for Securing Information Technology Systems [NIST SP 800-14]
    SP 800-14 has been withdrawn in its entirety. Revised content from the original publication can now be found in the following publications:

  • Information Security Program
    Building an information security program means designing and implementing security practices to protect critical business processes and IT assets. The practices that make up the program are meant to mature over time. An information security program also defines policies and procedures for assessing risk, monitoring threats, and mitigating attacks.
