SecSDLC

Including security early in the systems development life cycle (SDLC) results in less expensive and more effective security than retrofitting it onto an operational system. Treadstone 71 presents a framework for incorporating security into every phase of the SDLC, from initiation to disposal. We define and deliver general or organization-specific SDLC frameworks that include the following phases: initiation, acquisition/development, implementation, operations/maintenance, and disposition. Each phase includes a minimum set of security steps needed to incorporate security into a system while it is being developed. Treadstone 71 drives the examination of your organization's security within the SDLC.

As companies increasingly depend on software applications to enhance operations, the business impact of a broad range of IT risks rises with them. These IT risks include security, availability, recoverability, performance, scalability, and compliance risks. The primary cause of these risks is a lack of expertise in, and consideration of, the risks during application development, and the absence of security built into the fabric of the SDLC.

Yet unstructured implementation of risk mitigation measures in the application development life cycle may lead to over-investment or under-investment in those measures. Using a risk management approach, a cost-effective level of risk mitigation can be defined and implemented, commensurate with your organization's risk tolerance.

Key aspects of this strategy include developing an awareness of the various types of IT risk related to applications, quantifying the potential business impact of application-related IT risks, and building an institutional capability to manage that risk.

Copyright 2003 Treadstone 71 info@treadstone71.com 1-888-687-8450 Office - 508.519.0363 Fax
