Reply To: OCU ISSO D Week 04 Lesson 13 Discussion

Kelly Crooks

The Software Development Life Cycle (SDLC) is a framework defining tasks performed at each step in the software development process. The SDLC consists of 5 phases initiation, development, acquisition, implementation and assessment, operation and maintenance, and disposal.

Phase one: Initaioton initiation is when the need for an IT system is expressed and the purpose and scope of the system are documented.

Phase two: Development and acquisition. In this phase, the IT system is designed, purchased, programmed, developed, or otherwise constructed.

Phase three: Implementation & Assessment. This phase is when the system security features should be configured, enabled, tested, and verified.

Phase four: Operation & Maintenance. Phase four is when the system performs its functions and any modifications are made during this phase.

Phase five: Disposal. The last phase is when the disposition of information, hardware, or software occurs.

A security officer needs to understand all phases of the SDLC because they will be involved in most of the phases and it is their reasonability to make sure the SDLC is running properly and maintained at all times and to make sure that only authorized people have access to the system. The security officer is involved in purchases and acquisitions, security daily tasks, and monitoring regular patch and configuration management functions down to “end of life” making sure that the correct plans and procedures are in place and followed to discard the system information, hardware, or software.

Another reason the SDLC is important to security officers is that they will need to know how to change and add new security measures as technology investments grow across industries. It is not only a security officer’s job to keep the system safe from unauthorized people, but also hackers, malware, and viruses. Security officers, need to know how the SDLC works and operates so that the correct security changes can be made with changes in technology. If they don’t understand the system and don’t change and adapt the security measures and protocols, the new technology may not be compatible with the new security and cause the system to fail or be vulnerable to threats, costing the organization time and money.


Please Note:

The support ticket system is for technical questions and post-sale issues.


If you have pre-sale questions please use our chat feature or email .

Cybersecurity Certifications for Today's INFOSEC Careers

Mile2 Cybersecurity Certifications is a world-leader in providing accredited education, training, and certifications for INFOSEC professionals. We strive to deliver the best course ware, the strongest Cyber Range, and the most user-friendly exam system in the market.


Our training courses follow our role-based Certification Roadmap. Plus, many of our classes include hands-on skill development in our Cyber Range.  We train students in penetration testing,disaster recovery, incident handling, and network forensics.  Additionally, our Information Assurance training certification meets military, government, private sector and institutional specifications.  



We've developed training for...

Canada Army Navy Airforce

The Canadian Department of National Defense


The United States Air Force

Defense Logistics Agency

A United States Counterintelligence Agency

Texas Workforce Commission

Texas Workforce Commission

error: Alert: Content is protected !!