Welcome back to Cybrary's ISSEP course. I'm your instructor, Brad Rhodes. Let's talk about the first phase of the system development life cycle, and that is initiation.
So in this lesson, we're gonna talk about security activities in this phase, we're gonna talk about the linkages from this, and we're gonna define what initiation is.
All right, so security activities: pretty straightforward. We've got to look at the CIA triad. For example, if we're talking about, say, an e-commerce site or something like that, they're probably going to be more concerned about availability and less about confidentiality and integrity. Obviously, PCI DSS, when it comes to a control set or a recommended control set for, say, credit card processing, they're going to care about that as well. But they really want to make sure the site is up so people can buy things from them.
We're gonna look to see: do we need to handle information specially? Like, for example, we talked about the credit card information, right? Obviously, that probably is PII, especially when we associate it with users and their home addresses and everything like that. If you've ever filled out a site for purchase on a website, they ask for a lot of information, because if your credit card bounces, if you will, they have to come after you for the money. So you are giving up that information willingly so that they can do that. And then, of course, any privacy requirements that exist. And here's the challenge here for ISSEs. ISSEs in the United States have a set of laws to follow, and there's 54 of them across the states and territories. If you go to Europe, you've got GDPR. If you go to East Asia, it's totally different. So, um, the way we do these security activities and what's important to us and, you know, what is a privacy requirement is going to vary wildly, depending on what jurisdiction you happen to be in.
So these are the linkages in phase one, initiation. So, up at the top here, we make a decision to initiate the system. From an ISSE perspective, we're gonna be doing our security planning. We're gonna be looking at all sorts of things here. We're gonna go to categorizing the information system. We're gonna determine what our estimates are for security needed. We're going to ensure the security development of the system. We're gonna look at business impacts. We're gonna look at privacy impacts, right? We're gonna develop things like our quality assurance plans. We've talked about those, and at the end of this, we have an acquisition strategy, potentially. We've reviewed the system concept and CONOPS. We've done risk management. Right now, we've decided we're gonna move to the development and acquisition phase. And so obviously, one of the big things we make a decision on here is what type of system development model are we going to use? Are we going to use agile? Are we going to use waterfall? Are we going to use spiral? Are we going to use the V? Uh, this is where that decision is made. Because if you don't make a decision in initiation and you roll right into the acquisition side, the next step in our process, we're going to be, you know, potentially not making a good decision on either acquisition or development. So part of this, part of the things that come out of initiation, is those types of decisions.
So what is initiation?
Okay, simple. We've talked about this. This is much akin to the Discover Information Protection Needs that we talked about previously. It's really the requirements. When we are in the initiation phase of the system development life cycle, we are gathering the requirements that we need for the system or controls that we're going to be implementing for our organization.
So in this lesson we talked about the security activities in the initiation phase. We talked about the linkages as defined by NIST and the decisions that come out of that. Ultimately, there's one big decision: are we gonna move to acquisition or development? Right? That's the big decision, and also the decision of which type of acquisition model we are going to follow, really tied to what your company or organization is going to use. And then we talked about the fact that initiation is our requirements.
We'll see you next time.