2 cissp ® Official Study Guide Eighth Edition

Systems Development Lifecycle

Download 19,3 Mb.

Pdf ko'rish

bet	815/881
Sana	08.04.2023
Hajmi	19,3 Mb.
	#925879

1 ... 811 812 813 814 815 816 817 818 ... 881

Bog'liq
(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

Conceptual Definition

Systems Development Lifecycle
Security is most effective if it is planned and managed throughout the lifecycle of a system
or application. Administrators employ project management to keep a development project
on target and moving toward the goal of a completed product. Often project management
is structured using lifecycle models to direct the development process. Using formalized
lifecycle models helps ensure good coding practices and the embedding of security in every
stage of product development.

Introducing Systems Development Controls
879
All systems development processes should have several activities in common. Although
they may not necessarily share the same names, these core activities are essential to the
development of sound, secure systems:
■
Conceptual definition
■
Functional requirements determination
■
Control specifications development
■
Design review
■
Code review walk-through
■
System test review
■
Maintenance and change management
The section “Lifecycle Models” later in this chapter examines two lifecycle models and
shows how these activities are applied in real-world software engineering environments.
It’s important to note at this point that the terminology used in systems
development lifecycles varies from model to model and from publication
to publication. Don’t spend too much time worrying about the exact terms
used in this book or any of the other literature you may come across. When
taking the CISSP examination, it’s much more important that you have an
understanding of how the process works and of the fundamental principles
underlying the development of secure systems.
Conceptual Definition
The conceptual defi nition phase of systems development involves creating the basic concept
statement for a system. It’s a simple statement agreed on by all interested stakeholders (the
developers, customers, and management) that states the purpose of the project as well as
the general system requirements. The conceptual defi nition is a very high-level statement
of purpose and should not be longer than one or two paragraphs. If you were reading
a detailed summary of the project, you might expect to see the concept statement as an
abstract or introduction that enables an outsider to gain a top-level understanding of the
project in a short period of time.
It’s very helpful to refer to the concept statement at all phases of the systems develop-
ment process. Often, the intricate details of the development process tend to obscure the
overarching goal of the project. Simply reading the concept statement periodically can assist
in refocusing a team of developers.

Download 19,3 Mb.

Do'stlaringiz bilan baham:

1 ... 811 812 813 814 815 816 817 818 ... 881