Question

Explain the Security Systems Development Life Cycle methodology from the perspective of the Chief Information Security Officer (CISO). How does each phase, its deliverables and the personnel involved relate to the requirements of the CISO?

PLEASE DO NOT PROVIDE ANSWERS ALREADY GIVEN. NO PLAGIARISM, PLEASE!

Answer 1

Nowadays, companies have moved on to the Agile or Rapid Application Development SDLC(Software Development Life Cycle) which has been resulting in reducing the development timeframe. Now, starting with the risk assessment, here we go,

1. Collecting Information:
   • The collection of information is one of the major parts that plays in the security of the organization. The URL of the target must be accessible to gain information.
   • Information caught in wrong hands can turn out to be chaos for any organization. Hence, information must always be safeguarded with levels of security.
2. Risk Profiling:
   • Checking the website for each and every type of risks/threats is a very important task and must be carried on with each and every module of the organization's availability in the internet space.
   • There must be things carried out like:
     • Automated threat scanning
     • Penetration Testing
     • Black Box Testing of the source codes
     • Assigning Risk Ratings to the Security Flaws
     • Reporting to higher Authorities
3. Updating Technology:
   • In the current world scenario, it has become very important to update the technologies that are been actively used and must be balanced accordingly.
   • The use of older versions will come with a bunch of vulnerabilities and threats along with the destruction of certain aspects of the organization.
4. Application Fingerprinting:
   • In an organization, there are certain things that must be checked for the known vulnerabilities and exposures. If there, one must always keep it the priority to overcome certain threats in order to run the organization smoothly.
   • The application fingerprinting consists of different levels of assessment. Here are some of the different scopes:
     • Defining Objectives
     • Devising Strategy to overcome threats
     • Role-Based Access Control Matrix
     • Choosing Appropriate Security Tools

Everyone must keep in mind that being safe on the internet is an integral part of the virtual life and must carry on managing the security each time there is any interference of threats or vulnerability. One must also stay updated if using any third-party application as there are many zero-day fixes coming in the applications which help us to stay immune to malware and viruses that have affected the software in the past time.