Security in the SDLC Services
Including security early in the systems development life cycle (SDLC) results in less expensive and more effective security than adding it to an operational system. Treadstone 71 presents a framework for incorporating security into all phases of the SDLC, from initiation to disposal. We define and deliver general or specific SDLC frameworks that include the following phases: initiation, acquisition/development, implementation, operations/maintenance, and disposition. Each of these phases includes a minimum set of security steps needed to effectively incorporate security into a system during its development. Treadstone 71 drives the examination of your organization's security within the SDLC, covering:
- Including information security early on in the SDLC
- The key security roles and responsibilities that are needed in most information system developments
- How the risk assessment process is integral to information security in the SDLC
- A framework for incorporating security into all phases of the SDLC
- The set of security steps needed to effectively incorporate security into a system during its development
As companies increasingly depend upon software applications to enhance operations, the business impact of a broad range of IT risks rises concurrently. These IT risks include security, availability, recoverability, performance, scalability, and compliance risks. The primary cause of these IT risks is a lack of expertise, a lack of consideration of the risks during application development, and an absence of security woven into the fabric of the SDLC.
Yet unstructured implementation of risk mitigation measures in the application development lifecycle may lead to over-investment or under-investment in these measures. Using a risk management approach, a cost-effective level of risk mitigation can be defined and implemented commensurate to your organization’s risk tolerance.
Key aspects of this strategy include developing an awareness of various types of IT risks related to applications, quantifying the potential business impacts of application-related IT risks, and building an institutional capability to manage this IT risk.