Introduction to the SDLC

Time: 5 hours 58 minutes
Difficulty: Intermediate
CEU/CPE: 6
Video Transcription
00:00
>> Welcome back to Cybrary is of course,
00:00
I'm your instructor Brad Rhodes.
00:00
Let's go ahead and introduce
00:00
this system development life cycle.
00:00
Especially if it's something you're not familiar with.
00:00
In this video, we're going to provide
00:00
an overview of the SDLC.
00:00
We're going to talk about the benefits.
00:00
Why is it important to do the SDLC?
00:00
What does it help us with that?
00:00
We're going to actually do
00:00
a quick example application so you
00:00
get a feel for why we do SDLC.
00:00
Here's the system development life cycle.
00:00
This was defined by the National
00:00
Institute of Standards and Technology.
00:00
The idea here was to take and
00:00
standardize the steps needed
00:00
when we are going to produce a security system,
00:00
a capability of function, whatever it is,
00:00
especially when the construct of a system.
00:00
This is a really great high-level way
00:00
to think about systems engineering as well.
00:00
It's cyclical, so it's a cycle,
00:00
so it's continuous. Notice,
00:00
it starts with initiation and those are the needs.
00:00
You've heard this before.
00:00
Then we go to acquisition
00:00
or development and that's what we're going
00:00
to talk about the buy or build piece of things.
00:00
Then we get into implementation and assessment.
00:00
We're going to test the system and
00:00
then we're going to field or install it.
00:00
Obviously, the implication
00:00
here is that we don't just roll
00:00
out an entirely new system
00:00
to an enterprise and hope that it works.
00:00
No, we actually do that incrementally.
00:00
Then of course, operations and maintenance,
00:00
that's where the system does
00:00
the work that we expect it to do.
00:00
Then finally and importantly, disposal or sunset.
00:00
We have to get rid of the system.
00:00
We have to decommission it and reuse it, maybe.
00:00
The system development life cycle shows that, "Hey,
00:00
it's also related to the life cycle of our systems."
00:00
[LAUGHTER] I know that sounds a little circular,
00:00
but we talk about needing to do
00:00
life-cycle assessments of all of our stuff all the time.
00:00
One of the ways we can do that is by
00:00
using this system development life cycle.
00:00
[NOISE] The benefits of SDLC. There's a lot.
00:00
One, we can start to look early and
00:00
find those security vulnerabilities and mitigate them.
00:00
We can integrate more easily
00:00
mandatory controls. When I say mandatory controls,
00:00
there are definitely times out there
00:00
where you are pushed to use a control
00:00
because of regulatory or legal guidance or
00:00
anything like that and so the SDLC
00:00
allows us to integrate those.
00:00
It allows us to identify and reuse things.
00:00
That helps us reduce costs when we get to
00:00
the buy build decisions we've talked about earlier.
00:00
It's really great if you can use GOTS.
00:00
Maybe there's a government off-the-shelf solution
00:00
already in the house that you can just grab and use.
00:00
It helps with decisions,
00:00
it helps with documentation.
00:00
It really helps the customers
00:00
be confident that we have created
00:00
better interoperability and integration
00:00
because we're following this cyclical process.
00:00
It's measured, it allows us to document along the way,
00:00
and it allows us to really hopefully
00:00
answer the mail throughout
00:00
the entire life cycle of a system.
00:00
[NOISE] Here's an example application.
00:00
Let's say we're going to start, now going to start there.
00:00
You see my start bubble.
00:00
Let's say that we need a data loss prevention system.
00:00
Well, we're going to initiate that with that need,
00:00
I need to do DLP.
00:00
Then we're going to go down to
00:00
the acquisition or development decision.
00:00
You remember the development models
00:00
we've talked about: agile, V,
00:00
waterfall, spiral. Well, guess what?
00:00
That's where we would employ those if
00:00
we were going to develop a system.
00:00
But in this case here,
00:00
it's a lot cheaper for us to just acquire one.
00:00
We decide we're going to buy it.
00:00
Then we go to implementation.
00:00
Implementation is one of those
00:00
things that we don't just,
00:00
like I said, roll out everything
00:00
to the entire enterprise and hope it works.
00:00
Now, we're going to roll out
00:00
our DLP solution to maybe 10 users,
00:00
and then maybe 100 users and then
00:00
maybe 1,500 users until
00:00
we reach the 10,000 people that work in
00:00
our enterprise and we have implemented the entire thing.
00:00
But the reason we do like say that rolling wave of
00:00
implementation is to ensure that we
00:00
don't break stuff. It's easier.
00:00
You got to know that it's great to
00:00
do information system security engineering work.
00:00
But when you start to break capabilities that are
00:00
existing that people need to do
00:00
their work, people get a little cranky.
00:00
You don't want to do that. Then we're
00:00
going to patch your system,
00:00
that's ops and maintenance.
00:00
Finally, we've decided at
00:00
the end of this and its life cycle
00:00
that we're going to dispose of it,
00:00
we're just not going to use it anymore.
00:00
Why? Because we decided to move to the Cloud.
00:00
As you can see here,
00:00
our data loss prevention application
00:00
was used for some time,
00:00
but we also planned that end
00:00
life cycle but sunset that we've
00:00
talked about so that we can
00:00
actually dispose of it and get rid of it properly.
00:00
[NOISE] In this lesson,
00:00
we talked about the system development life cycle
00:00
from an overview and benefits,
00:00
and then we've provided a quick walk-through in
00:00
an example application of
00:00
data loss prevention. We'll see you next time.