Security Considerations for the Implementation Phase of SDLC - Report

Verified

Added on 2021/04/17

AI Summary

This report delves into the crucial security measures implemented during the implementation phase of the Software Development Life Cycle (SDLC). It highlights several key considerations, starting with the acceptance and inspection phase, which validates the deliverables against specifications. The report then discusses the integration of security controls, ensuring their incorporation into the operational site, and the importance of security certification for verifying control effectiveness and identifying vulnerabilities. Furthermore, it covers security accreditation, which authorizes system use based on assurance levels, and emphasizes the need to erase development and test environments properly. The report also emphasizes the importance of periodic evaluation and testing to assess system effectiveness and the integration of security certificates to mitigate fraudulent transactions. The report concludes by underscoring the necessity of these security measures in mitigating risks and preventing extra costs associated with the implementation phase.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running body: IMPLEMNTATION PHASE SECURITY MEASURES
IMPLEMNTATION PHASE SECURITY MEASURES
Name of the University
Name of the student
Author Note

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

1IMPLEMNTATION PHASE SECURITY MEASURES
Several security considerations are taken into context while conducting the
implementation phase of the SDLC or Software development life cycle. The following
phases are implemented to detect the vulnerable risks that are related to the implementation
phase of the Software development life cycle.
First comes the acceptance and inspection phase. This process makes sure that the
organization which is developing the SDLC verifies and validates the described functionality
in the specification which are mentioned in the deliverable.
The second security consideration is the integration of security control. This process
ensures that security controls for the project are added in the operational site. It is normally
added where the IT system is delivered for operating. According to the security
implementation guidance and instructions from the vendor, the switches and the settings of
the security controls are enabled accordingly.
The third security consideration is the security certification. Through the established
verification procedures and techniques, this security measure ensures the effective
implementation of the controls. It also provides the organization with ample confidence that
the security countermeasures and safeguards that are implemented will safeguard the
information system of the organization (Kumar, Zadgaonkar & Shukla, 2013). The unknown
vulnerabilities of the IT can be discovered with the help of security certificates.
Fourthly, another security measure is taken namely security accreditation. For
processing, transmitting and storing the necessary information, this security measure provides
the required authorization of the system. This authorization is based on some agreed upon
assurance level and is usually granted by one senior official of the organization (Jain &
Suman, 2015). The verified effectiveness of the security measure is responsible for
identifying the residual risks to the operations. The development and test environment should

2IMPLEMNTATION PHASE SECURITY MEASURES
be erased properly to mitigate any security issues. Care should be taken when the IT system
is integrate with the operational environment to prevent loss of critical operations.
The system will be checked to ensure the information security by integrating the IT
system with the environment, completing the activities related to security accreditation and
planning the certification activities side by side with the security controls. The information
security can also be checked with the help of control gates such as review of system test
readiness and status of the final project, authorizing official review, IT deployment approval
and C&A review. Periodic evaluation and testing of the system must be conducted to
determine the effectiveness of the system. This provides credible information to the officials
for facilitating decisions which are risk based as well as credible. To further ensure
information security, system and review tests need to be performed before placing the system
in the operational environment (Highsmith, 2013). The results of the tests need to be fully
documented and updated in time in the official records of the organization.
The integration of the security certificate will help to mitigate fraudulent transactions
that occur when the IT system lacks proper credentials and audit trails. The security
accreditation measure will help to mitigate the defaced websites which were not made
according to the security standards and can be exploited due to their weaknesses (Layton,
2016). The acceptance and inspection phase will allow the system to detect orphan user
accounts when the identity management system of the organization does not integrate with
the IT system.
It can be concluded that without proper security measures, the risks that are evident
with the implementation phase of the system development life cycle of the project cannot be
mitigated. For properly identifying and analyzing the risks, extra effort needs to be put to
determine the security of the system to prevent the project from garnering extra costs.

3IMPLEMNTATION PHASE SECURITY MEASURES
References
Highsmith, J. (2013). Adaptive software development: a collaborative approach to managing
complex systems. Addison-Wesley.
Jain, R., & Suman, U. (2015). A systematic literature review on global software development
life cycle. ACM SIGSOFT Software Engineering Notes, 40(2), 1-14.
Kumar, N., Zadgaonkar, A. S., & Shukla, A. (2013). Evolving a new software development
life cycle model SDLC-2013 with client satisfaction. International Journal of Soft Computing
and Engineering (IJSCE), 3(1), 2231-2307.
Layton, T. P. (2016). Information Security: Design, implementation, measurement, and
compliance. CRC Press.