Security and Risk management in SDLC Software development Life cycle

•

2 gostaram•4,932 visualizações

Sandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW

Security,Software development life cycle, SDLC, Risk Management,NIST,TOGAF,PMI,COBIT

Software


 Initiation: Security User Stories Identified
 Planning: Incorporate Risk identified in System
Architecture and Design.
 Implementation: Assess Identified Risk on
Implementation.
 Monitoring & Control: Changes, CR (Change request
must be reauthorized.
 Closing: Dispose off unwanted software, hardware &
information Components.
Security Risk Management in
SDLC

Step 1. System Characterization
Step 2. Threat Identification
Step 3. Vulnerability Identification
Step 4. Control Analysis
Step 5. Likelihood Determination
Step 6. Impact Analysis
Step 7. Risk Determination
Step 8. Control Recommendations
Step 9. Result determination.


Risk Management Steps Defined under
PMI
Risk Management Process Groups : Input – process –
Output
- Outputs: (Risk Register, Risk Management plan, Risk
Response, Communication Management plan,
Quantitative and Qualitative Risk Assessment and
Mitigation)
This is Almost similar To NIST methodology discussed
above.
PMI groups deals with Project management in general.
Whereas in NIST RM steps are Generic and platform
independent to work across multiple methodology.


 This is Evolving presentation: Will add more details
Refer Blog/presentation Read by almost 50,000
people. More details and write up can be found at:
 http://www.productmanagementview.wordpress.com
 http://projectmanagerview.wordpress.com
 http://sandyclassic.wordpress.com
More Details

Mais conteúdo relacionado

Mais procurados

NIST SP 800 30 Flow ChartJames W. De Rienzo

Security testingPrecise Testing Solution

Understanding the Risk Management Framework & (ISC)2 CAP Module 9: Assess Con...Donald E. Hester

Continuous Monitoring: Getting Past Complexity & Reducing RiskTripwire

Understanding the Risk Management Framework & (ISC)2 CAP Module 6: CategorizeDonald E. Hester

Achieving Continuous Monitoring with Security AutomationTripwire

Understanding the Risk Management Framework & (ISC)2 CAP Module 1: Exam Donald E. Hester

BSidesQuebec2013_fredBSidesQuebec2013

Security assessmentAntonio Bristow

Understanding the Risk Management Framework & (ISC)2 CAP Module 10: Authorize Donald E. Hester

Information Security Continuous Monitoring within a Risk Management FrameworkWilliam McBorrough

How to Build Your Risk Management Plan – an Effective ChecklistTipsographic . com

FISMA NextGen - Continuous Monitoring, Near Real-Time Risk Managementdanphilpott

Understanding the Risk Management Framework & (ISC)2 CAP Module 4: Life CycleDonald E. Hester

Practical IT auditingFrederick Altum Pokoo-Aikins

Developing a Continuous Monitoring Action PlanTripwire

TrustedAgent GRC for Vulnerability Management and Continuous MonitoringTri Phan

Understanding the Risk Management Framework & (ISC)2 CAP Module 2: IntroductionDonald E. Hester

Automating for NERC CIP-007-5-R1Tripwire

RMF Roles and Responsibilities (Part 1) Donald E. Hester

Mais procurados (20)

NIST SP 800 30 Flow Chart

Security testing

Understanding the Risk Management Framework & (ISC)2 CAP Module 9: Assess Con...

Continuous Monitoring: Getting Past Complexity & Reducing Risk

Understanding the Risk Management Framework & (ISC)2 CAP Module 6: Categorize

Achieving Continuous Monitoring with Security Automation

Understanding the Risk Management Framework & (ISC)2 CAP Module 1: Exam

BSidesQuebec2013_fred

Security assessment

Understanding the Risk Management Framework & (ISC)2 CAP Module 10: Authorize

Information Security Continuous Monitoring within a Risk Management Framework

How to Build Your Risk Management Plan – an Effective Checklist

FISMA NextGen - Continuous Monitoring, Near Real-Time Risk Management

Understanding the Risk Management Framework & (ISC)2 CAP Module 4: Life Cycle

Practical IT auditing

Developing a Continuous Monitoring Action Plan

TrustedAgent GRC for Vulnerability Management and Continuous Monitoring

Understanding the Risk Management Framework & (ISC)2 CAP Module 2: Introduction

Automating for NERC CIP-007-5-R1

RMF Roles and Responsibilities (Part 1)

Semelhante a Security and Risk management in SDLC Software development Life cycle

Many companies and agencies conduct IT audits to test and assess the.docxtienboileau

Designing NextGen Threat Identification SolutionsArun Prabhakar

Software EngineeringVijayapriyaP1

Defense In Depth Using NIST 800-30Kevin M. Moker, CFE, CISSP, ISSMP, CISM

Software EngineeringDr. Anthony Vincent. B

Threat modelling(system + enterprise)abhimanyubhogwan

Object oriented analysis and design unit- iShri Shankaracharya College, Bhilai,Junwani

SdlcWaheed Iqbal Boss

CST 630 RANK Remember Education--cst630rank.comchrysanthemu49

Process Maturity Assessmentpchronis

Planning and Deploying an Effective Vulnerability Management ProgramSasha Nunke

CST 630 RANK Redefined Education--cst630rank.comclaric241

CST 630 RANK Achievement Education--cst630rank.comkopiko147

ByteCode pentest report exampleIhor Uzhvenko

OOSE-PRESENTATION.pptxRanjitKdk

Risk Based Security and Self Protection Powerpointrandalje86

CST 630 RANK Introduction Education--cst630rank.comagathachristie266

CST 630 RANK Educational Specialist--cst630rank.comVSNaipaul15

CST 630 RANK Inspiring Innovation--cst630rank.comKeatonJennings104

CST 630 RANK Become Exceptional--cst630rank.comagathachristie113

Semelhante a Security and Risk management in SDLC Software development Life cycle (20)

Many companies and agencies conduct IT audits to test and assess the.docx

Designing NextGen Threat Identification Solutions

Software Engineering

Defense In Depth Using NIST 800-30

Software Engineering

Threat modelling(system + enterprise)

Object oriented analysis and design unit- i

Sdlc

CST 630 RANK Remember Education--cst630rank.com

Process Maturity Assessment

Planning and Deploying an Effective Vulnerability Management Program

CST 630 RANK Redefined Education--cst630rank.com

CST 630 RANK Achievement Education--cst630rank.com

ByteCode pentest report example

OOSE-PRESENTATION.pptx

Risk Based Security and Self Protection Powerpoint

CST 630 RANK Introduction Education--cst630rank.com

CST 630 RANK Educational Specialist--cst630rank.com

CST 630 RANK Inspiring Innovation--cst630rank.com

CST 630 RANK Become Exceptional--cst630rank.com

Mais de Sandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW

Management Consultancy Saudi Telecom Digital Transformation Design ThinkingSandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW

Major new initiativesSandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW

Digital transformation journey ConsultingSandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW

Agile Jira Reporting Sandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW

Lnt and bbby Retail Houseare industry Case assignment sandeep sharmaSandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW

Risk management Consulting For MunicipalitySandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW

GDPR And Privacy By design ConsultancySandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW

Real implementation Blockchain Best Use Cases ExamplesSandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW

Ffd 05 2012Sandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW

Biztalk architecture for Configured SMS serviceSandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW

Data modelling interview questionSandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW

Pmo best practicesSandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW

Agile project managementSandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW

Enroll hostel Business ModelSandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW

Cloud manager client provisioning guideline draft 1.0Sandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW

Bpm digital transformationSandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW

Digital transformation explainedSandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW

Government Digital transformation trend draft 1.0Sandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW

Enterprise architecture maturity rating draft 1.0Sandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW

Organisation Structure For digital Transformation TeamSandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW

Mais de Sandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW (20)

Management Consultancy Saudi Telecom Digital Transformation Design Thinking

Major new initiatives

Digital transformation journey Consulting

Agile Jira Reporting

Lnt and bbby Retail Houseare industry Case assignment sandeep sharma

Risk management Consulting For Municipality

GDPR And Privacy By design Consultancy

Real implementation Blockchain Best Use Cases Examples

Ffd 05 2012

Biztalk architecture for Configured SMS service

Data modelling interview question

Pmo best practices

Agile project management

Enroll hostel Business Model

Cloud manager client provisioning guideline draft 1.0

Bpm digital transformation

Digital transformation explained

Government Digital transformation trend draft 1.0

Enterprise architecture maturity rating draft 1.0

Organisation Structure For digital Transformation Team

Último

Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...Call Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure

Exploring iOS App Development: Simplifying the ProcessEvangelist Apps https://twitter.com/EvangelistSW/

The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...ICS

Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...MyIntelliSource, Inc.

Right Money Management App For Your Financial GoalsJhone kinadey

Advancing Engineering with AI through the Next Generation of Strategic Projec...OnePlan Solutions

Test Automation Strategy for Frontend and BackendArshad QA

Hand gesture recognition PROJECT PPT.pptxbodapatigopi8531

Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.

CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️anilsa9823

Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsAlberto González Trastoy

Diamond Application Development Crafting Solutions with PrecisionSolGuruz

Microsoft AI Transformation Partner Playbook.pdfWilly Marroquin (WillyDevNET)

Unlocking the Future of AI Agents with Large Language Modelsaagamshah0812

TECUNIQUE: Success Stories: IT Service providermohitmore19

Software Quality Assurance Interview QuestionsArshad QA

DNT_Corporate presentation know about usDynamic Netsoft

call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️Delhi Call girls

SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AIABDERRAOUF MEHENNI

Professional Resume Template for Software DevelopersVinodh Ram

Security and Risk management in SDLC Software development Life cycle

1.   Initiation: Security User Stories Identified  Planning: Incorporate Risk identified in System Architecture and Design.  Implementation: Assess Identified Risk on Implementation.  Monitoring & Control: Changes, CR (Change request must be reauthorized.  Closing: Dispose off unwanted software, hardware & information Components. Security Risk Management in SDLC

2. Step 1. System Characterization Step 2. Threat Identification Step 3. Vulnerability Identification Step 4. Control Analysis Step 5. Likelihood Determination Step 6. Impact Analysis Step 7. Risk Determination Step 8. Control Recommendations Step 9. Result determination.

3.  Risk Management Steps Defined under PMI Risk Management Process Groups : Input – process – Output - Outputs: (Risk Register, Risk Management plan, Risk Response, Communication Management plan, Quantitative and Qualitative Risk Assessment and Mitigation) This is Almost similar To NIST methodology discussed above. PMI groups deals with Project management in general. Whereas in NIST RM steps are Generic and platform independent to work across multiple methodology.

4.   This is Evolving presentation: Will add more details Refer Blog/presentation Read by almost 50,000 people. More details and write up can be found at:  http://www.productmanagementview.wordpress.com  http://projectmanagerview.wordpress.com  http://sandyclassic.wordpress.com More Details

Security and Risk management in SDLC Software development Life cycle

Recomendados

Recomendados

Mais conteúdo relacionado

Mais procurados

Mais procurados (20)

Semelhante a Security and Risk management in SDLC Software development Life cycle

Semelhante a Security and Risk management in SDLC Software development Life cycle (20)

Mais de Sandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW

Mais de Sandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW (20)

Último

Último (20)

Security and Risk management in SDLC Software development Life cycle