CISSP Study Guide
December 15, 2022

CISSP Study Guide: System Development Life Cycle (SDLC)

Cybrary
Share

The System Development Life Cycle (SDLC) is a structure for system development. Its purpose is to manage the development process and implement security at each stage of the development process. The principal elements of the SDLC are listed in “Generally Accepted Principles and Practices for Securing Information Technology Systems” (SP 800-14, National Institute of Standards and Technology, September 1996) and “Security Considerations in the Information System Development Life Cycle” (SP 800-64, National Institute of Standards and Technology, September, October 2003). The five stages of the SDLC are listed in NIST SP 800-14 as follows:

  1. Initiation – the beginning process that determines the need for the system and documenting its purpose and includes measuring the sensitivity of the system and data to be processed. This is called a sensitivity assessment.
  2. Development/Acquisition – involves the design, development, programming and acquisition of the system. In this stage programmers develop the application code while concentrating on security measures to make certain that input and output controls, audit mechanisms, and file-protection schemes are used.
  3. Implementation – this phase runs testing, security testing, accreditation, and installation of the system. This occurs once application coding has been completed. The testing should be handled by auditors or quality assurance engineers, not the programmers. If the code is written and verified by the same individuals, errors can go unnoticed and security functions can be bypassed. Thus assigning specific duties is important.
  4. Operation/Maintenance – identifying processes the system is designed to inform which include: security operations, modification/addition of hardware and/or software, administration, operational assurance, monitoring, and audits.
  5. Disposal – this phase overviews the state of the system or system components and products, such as hardware, software, and information; disk sanitization; archiving files; and moving equipment. This stage is usually reached when the system is no longer required.

Start learning with Cybrary

Create a free account

Related Posts

All Blogs
Building a Security Team
June 27, 2023

Digital Forensics and Incident Response: What It Is, When You Need It, and How to Implement It

A quick guide to digital forensics and incident response (DFIR): what it is, when it’s needed, how to implement a cutting-edge program, and how to develop DFIR skills on your team.

Read More
Building a Security Team
June 28, 2023

How to Build a Red Team

An overview of what a red team is (and isn’t), and practical tips on how to build a Red Team and develop offensive security skills in your team.

Read More
Tools & Applications
June 7, 2023

How to Make the Most of Blending Learning with Cybrary Live

Learn how to get the most from your cybersecurity training platform by blending on-demand learning with virtual, live courses led by industry experts.

Read More
News & Events
June 7, 2023

Introducing the New Cybrary Learner Experience

Cybrary is launching a key update to the Cybrary Learner experience to elevate hands-on learning and measurement as guiding tenets of Cybrary’s mission.

Read More