Security and Risk management in SDLC Software development Life cycle

•

2 j'aime•4,934 vues

Sandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW

Security,Software development life cycle, SDLC, Risk Management,NIST,TOGAF,PMI,COBIT

Logiciels


 Initiation: Security User Stories Identified
 Planning: Incorporate Risk identified in System
Architecture and Design.
 Implementation: Assess Identified Risk on
Implementation.
 Monitoring & Control: Changes, CR (Change request
must be reauthorized.
 Closing: Dispose off unwanted software, hardware &
information Components.
Security Risk Management in
SDLC

Step 1. System Characterization
Step 2. Threat Identification
Step 3. Vulnerability Identification
Step 4. Control Analysis
Step 5. Likelihood Determination
Step 6. Impact Analysis
Step 7. Risk Determination
Step 8. Control Recommendations
Step 9. Result determination.


Risk Management Steps Defined under
PMI
Risk Management Process Groups : Input – process –
Output
- Outputs: (Risk Register, Risk Management plan, Risk
Response, Communication Management plan,
Quantitative and Qualitative Risk Assessment and
Mitigation)
This is Almost similar To NIST methodology discussed
above.
PMI groups deals with Project management in general.
Whereas in NIST RM steps are Generic and platform
independent to work across multiple methodology.


 This is Evolving presentation: Will add more details
Refer Blog/presentation Read by almost 50,000
people. More details and write up can be found at:
 http://www.productmanagementview.wordpress.com
 http://projectmanagerview.wordpress.com
 http://sandyclassic.wordpress.com
More Details

Recommandé

penetration testHajer alriyami

Lesson 2 scanningFrankVianzon

PhishingBox OverviewPhishingBox

Understanding the Risk Management Framework & (ISC)2 CAP Module 8: Implement ...Donald E. Hester

Understanding the Risk Management Framework & (ISC)2 CAP Module 11: MonitorDonald E. Hester

Continual MonitoringTripwire

Software testing-and-risk-analysisAjit Waje

Simple steps-risk-assessment-formWorldForeignAffairsD

Recommandé

penetration testHajer alriyami

Lesson 2 scanningFrankVianzon

PhishingBox OverviewPhishingBox

Understanding the Risk Management Framework & (ISC)2 CAP Module 8: Implement ...Donald E. Hester

Understanding the Risk Management Framework & (ISC)2 CAP Module 11: MonitorDonald E. Hester

Continual MonitoringTripwire

Software testing-and-risk-analysisAjit Waje

Simple steps-risk-assessment-formWorldForeignAffairsD

NIST SP 800 30 Flow ChartJames W. De Rienzo

Security testingPrecise Testing Solution

Understanding the Risk Management Framework & (ISC)2 CAP Module 9: Assess Con...Donald E. Hester

Continuous Monitoring: Getting Past Complexity & Reducing RiskTripwire

Understanding the Risk Management Framework & (ISC)2 CAP Module 6: CategorizeDonald E. Hester

Achieving Continuous Monitoring with Security AutomationTripwire

Understanding the Risk Management Framework & (ISC)2 CAP Module 1: Exam Donald E. Hester

BSidesQuebec2013_fredBSidesQuebec2013

Security assessmentAntonio Bristow

Understanding the Risk Management Framework & (ISC)2 CAP Module 10: Authorize Donald E. Hester

Information Security Continuous Monitoring within a Risk Management FrameworkWilliam McBorrough

How to Build Your Risk Management Plan – an Effective ChecklistTipsographic . com

FISMA NextGen - Continuous Monitoring, Near Real-Time Risk Managementdanphilpott

Understanding the Risk Management Framework & (ISC)2 CAP Module 4: Life CycleDonald E. Hester

Practical IT auditingFrederick Altum Pokoo-Aikins

Developing a Continuous Monitoring Action PlanTripwire

TrustedAgent GRC for Vulnerability Management and Continuous MonitoringTri Phan

Understanding the Risk Management Framework & (ISC)2 CAP Module 2: IntroductionDonald E. Hester

Automating for NERC CIP-007-5-R1Tripwire

RMF Roles and Responsibilities (Part 1) Donald E. Hester

Many companies and agencies conduct IT audits to test and assess the.docxtienboileau

Designing NextGen Threat Identification SolutionsArun Prabhakar

Contenu connexe

Tendances

NIST SP 800 30 Flow ChartJames W. De Rienzo

Security testingPrecise Testing Solution

Understanding the Risk Management Framework & (ISC)2 CAP Module 9: Assess Con...Donald E. Hester

Continuous Monitoring: Getting Past Complexity & Reducing RiskTripwire

Understanding the Risk Management Framework & (ISC)2 CAP Module 6: CategorizeDonald E. Hester

Achieving Continuous Monitoring with Security AutomationTripwire

Understanding the Risk Management Framework & (ISC)2 CAP Module 1: Exam Donald E. Hester

BSidesQuebec2013_fredBSidesQuebec2013

Security assessmentAntonio Bristow

Understanding the Risk Management Framework & (ISC)2 CAP Module 10: Authorize Donald E. Hester

Information Security Continuous Monitoring within a Risk Management FrameworkWilliam McBorrough

How to Build Your Risk Management Plan – an Effective ChecklistTipsographic . com

FISMA NextGen - Continuous Monitoring, Near Real-Time Risk Managementdanphilpott

Understanding the Risk Management Framework & (ISC)2 CAP Module 4: Life CycleDonald E. Hester

Practical IT auditingFrederick Altum Pokoo-Aikins

Developing a Continuous Monitoring Action PlanTripwire

TrustedAgent GRC for Vulnerability Management and Continuous MonitoringTri Phan

Understanding the Risk Management Framework & (ISC)2 CAP Module 2: IntroductionDonald E. Hester

Automating for NERC CIP-007-5-R1Tripwire

RMF Roles and Responsibilities (Part 1) Donald E. Hester

Tendances (20)

NIST SP 800 30 Flow Chart

Security testing

Understanding the Risk Management Framework & (ISC)2 CAP Module 9: Assess Con...

Continuous Monitoring: Getting Past Complexity & Reducing Risk

Understanding the Risk Management Framework & (ISC)2 CAP Module 6: Categorize

Achieving Continuous Monitoring with Security Automation

Understanding the Risk Management Framework & (ISC)2 CAP Module 1: Exam

BSidesQuebec2013_fred

Security assessment

Understanding the Risk Management Framework & (ISC)2 CAP Module 10: Authorize

Information Security Continuous Monitoring within a Risk Management Framework

How to Build Your Risk Management Plan – an Effective Checklist

FISMA NextGen - Continuous Monitoring, Near Real-Time Risk Management

Understanding the Risk Management Framework & (ISC)2 CAP Module 4: Life Cycle

Practical IT auditing

Developing a Continuous Monitoring Action Plan

TrustedAgent GRC for Vulnerability Management and Continuous Monitoring

Understanding the Risk Management Framework & (ISC)2 CAP Module 2: Introduction

Automating for NERC CIP-007-5-R1

RMF Roles and Responsibilities (Part 1)

Similaire à Security and Risk management in SDLC Software development Life cycle

Many companies and agencies conduct IT audits to test and assess the.docxtienboileau

Designing NextGen Threat Identification SolutionsArun Prabhakar

Software EngineeringVijayapriyaP1

Defense In Depth Using NIST 800-30Kevin M. Moker, CFE, CISSP, ISSMP, CISM

Software EngineeringDr. Anthony Vincent. B

Threat modelling(system + enterprise)abhimanyubhogwan

Object oriented analysis and design unit- iShri Shankaracharya College, Bhilai,Junwani

SdlcWaheed Iqbal Boss

CST 630 RANK Remember Education--cst630rank.comchrysanthemu49

Process Maturity Assessmentpchronis

Planning and Deploying an Effective Vulnerability Management ProgramSasha Nunke

CST 630 RANK Redefined Education--cst630rank.comclaric241

CST 630 RANK Achievement Education--cst630rank.comkopiko147

ByteCode pentest report exampleIhor Uzhvenko

OOSE-PRESENTATION.pptxRanjitKdk

Risk Based Security and Self Protection Powerpointrandalje86

CST 630 RANK Introduction Education--cst630rank.comagathachristie266

CST 630 RANK Educational Specialist--cst630rank.comVSNaipaul15

CST 630 RANK Inspiring Innovation--cst630rank.comKeatonJennings104

CST 630 RANK Become Exceptional--cst630rank.comagathachristie113

Similaire à Security and Risk management in SDLC Software development Life cycle (20)

Many companies and agencies conduct IT audits to test and assess the.docx

Designing NextGen Threat Identification Solutions

Software Engineering

Defense In Depth Using NIST 800-30

Software Engineering

Threat modelling(system + enterprise)

Object oriented analysis and design unit- i

Sdlc

CST 630 RANK Remember Education--cst630rank.com

Process Maturity Assessment

Planning and Deploying an Effective Vulnerability Management Program

CST 630 RANK Redefined Education--cst630rank.com

CST 630 RANK Achievement Education--cst630rank.com

ByteCode pentest report example

OOSE-PRESENTATION.pptx

Risk Based Security and Self Protection Powerpoint

CST 630 RANK Introduction Education--cst630rank.com

CST 630 RANK Educational Specialist--cst630rank.com

CST 630 RANK Inspiring Innovation--cst630rank.com

CST 630 RANK Become Exceptional--cst630rank.com

Plus de Sandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW

Management Consultancy Saudi Telecom Digital Transformation Design ThinkingSandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW

Major new initiativesSandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW

Digital transformation journey ConsultingSandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW

Agile Jira Reporting Sandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW

Lnt and bbby Retail Houseare industry Case assignment sandeep sharmaSandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW

Risk management Consulting For MunicipalitySandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW

GDPR And Privacy By design ConsultancySandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW

Real implementation Blockchain Best Use Cases ExamplesSandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW

Ffd 05 2012Sandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW

Biztalk architecture for Configured SMS serviceSandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW

Data modelling interview questionSandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW

Pmo best practicesSandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW

Agile project managementSandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW

Enroll hostel Business ModelSandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW

Cloud manager client provisioning guideline draft 1.0Sandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW

Bpm digital transformationSandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW

Digital transformation explainedSandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW

Government Digital transformation trend draft 1.0Sandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW

Enterprise architecture maturity rating draft 1.0Sandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW

Organisation Structure For digital Transformation TeamSandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW

Plus de Sandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW (20)

Management Consultancy Saudi Telecom Digital Transformation Design Thinking

Major new initiatives

Digital transformation journey Consulting

Agile Jira Reporting

Lnt and bbby Retail Houseare industry Case assignment sandeep sharma

Risk management Consulting For Municipality

GDPR And Privacy By design Consultancy

Real implementation Blockchain Best Use Cases Examples

Ffd 05 2012

Biztalk architecture for Configured SMS service

Data modelling interview question

Pmo best practices

Agile project management

Enroll hostel Business Model

Cloud manager client provisioning guideline draft 1.0

Bpm digital transformation

Digital transformation explained

Government Digital transformation trend draft 1.0

Enterprise architecture maturity rating draft 1.0

Organisation Structure For digital Transformation Team

Dernier

Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Steffen Staab

How To Use Server-Side Rendering with Nuxt.jsAndolasoft Inc

HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai

Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdfryanfarris8

+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...Health

How To Troubleshoot Collaboration Apps for the Modern Connected WorkerThousandEyes

AI & Machine Learning Presentation TemplatePresentation.STUDIO

call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️Delhi Call girls

How to Choose the Right Laravel Development Partner in New York City_compress...software pro Development

Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveCall Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure

Microsoft AI Transformation Partner Playbook.pdfWilly Marroquin (WillyDevNET)

Unlocking the Future of AI Agents with Large Language Modelsaagamshah0812

Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfkalichargn70th171

The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...kalichargn70th171

The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...ICS

Optimizing AI for immediate response in Smart CCTVshikhaohhpro

8257 interfacing 2 in microprocessor for btech studentsHimanshiGarg82

VTU technical seminar 8Th Sem on Scikit-learnAmarnathKambale

5 Signs You Need a Fashion PLM Software.pdfWave PLM

call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️Delhi Call girls

Dernier (20)

Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...

How To Use Server-Side Rendering with Nuxt.js

HR Software Buyers Guide in 2024 - HRSoftware.com

Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf

+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...

How To Troubleshoot Collaboration Apps for the Modern Connected Worker

AI & Machine Learning Presentation Template

call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️

How to Choose the Right Laravel Development Partner in New York City_compress...

Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live

Microsoft AI Transformation Partner Playbook.pdf

Unlocking the Future of AI Agents with Large Language Models

Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf

The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...

The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...

Optimizing AI for immediate response in Smart CCTV

8257 interfacing 2 in microprocessor for btech students

VTU technical seminar 8Th Sem on Scikit-learn

5 Signs You Need a Fashion PLM Software.pdf

call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️

Security and Risk management in SDLC Software development Life cycle

1.   Initiation: Security User Stories Identified  Planning: Incorporate Risk identified in System Architecture and Design.  Implementation: Assess Identified Risk on Implementation.  Monitoring & Control: Changes, CR (Change request must be reauthorized.  Closing: Dispose off unwanted software, hardware & information Components. Security Risk Management in SDLC

2. Step 1. System Characterization Step 2. Threat Identification Step 3. Vulnerability Identification Step 4. Control Analysis Step 5. Likelihood Determination Step 6. Impact Analysis Step 7. Risk Determination Step 8. Control Recommendations Step 9. Result determination.

3.  Risk Management Steps Defined under PMI Risk Management Process Groups : Input – process – Output - Outputs: (Risk Register, Risk Management plan, Risk Response, Communication Management plan, Quantitative and Qualitative Risk Assessment and Mitigation) This is Almost similar To NIST methodology discussed above. PMI groups deals with Project management in general. Whereas in NIST RM steps are Generic and platform independent to work across multiple methodology.

4.   This is Evolving presentation: Will add more details Refer Blog/presentation Read by almost 50,000 people. More details and write up can be found at:  http://www.productmanagementview.wordpress.com  http://projectmanagerview.wordpress.com  http://sandyclassic.wordpress.com More Details