Close

OCU C)ISSO D Discussion Lesson 13

Viewing 3 reply threads
  • Author
    Posts
    • #65750
      Jessica Jagerson
      Keymaster

      As a security officer, why is the software development life cycle important?  Explain what the SDLC is in addition to why this is important to the SO.  Use at least 2 points from the book and at least 2 points from the video.  You may use additional references in this discussion too.

    • #85421
      Marcena Davis
      Participant

      As a security officer, understanding the software development life cycle (SDLC) is crucial for ensuring the security of software applications. The SDLC is the process by which software is designed, developed, tested, deployed, and maintained. Here are some reasons why the SDLC is important for security officers:

      Firstly, by integrating security into the SDLC, security officers can ensure that applications are designed with security in mind from the very beginning. This helps to reduce the likelihood of security vulnerabilities being introduced into the application later on in the development process. According to the CIS SO-volume 2, “By following secure SDLC practices, development teams can create secure applications by design, and minimize the need for reactive measures later in the development process.”

      Secondly, the SDLC helps security officers to identify and mitigate security risks throughout the development process. By using risk assessment techniques, security officers can identify potential security risks and vulnerabilities and take steps to mitigate them during the development process. As the video on software development security points out, “The earlier in the SDLC that a risk is identified, the cheaper and easier it is to fix.”

      So, understanding the SDLC is crucial for security officers as it helps to ensure that software applications are designed, developed, and deployed securely. By integrating security into the development process and using risk assessment techniques, security officers can help to mitigate security risks and vulnerabilities in software applications.

      • #85661
        Kevin Mehok
        Participant

        Marcena,

        I love being in class with you and you are always on point. The need to ensure software applications are designed, developed, and are securely deployed is absolutely crucial. Why because careful planning reduces risks. When risks are mitigated and/or reduced, we are being successful as a Security Officer.

        Great job.

        God Bless,

        Kevin

      • #85725
        Kelly Crooks
        Participant

        Marcena, great post I agree with your reasoning with why it is important for a security officer to understand not only what the SDLC is but also how it works and the security risks involved with it. As a security officer it is their responsibility to mitigate and reduce data loss. By making sure they understand and can implement the correct security protocols will help them achieve their goals.

    • #85660
      Kevin Mehok
      Participant

      IST3100 Information Systems Security Officer
      Week Four
      WK4 SDLC Discussion
      Kevin Mehok

      This week’s discussion focusing on the ask of ‘why is using an SDLC important?’
      I believe that the SDLC is important because it helps ensure that the right people are involved in the right activities at the right times (Coursera, 2023). A well-defined SDLC also allows an Security Officer (SO) to measure their progress relative to team goals and gives them a way to ensure everything is on track (Coursera, 2023).

      I have learned this week that the process of the software development life cycle encompasses all aspects of the software-making process (Coursera, 2023). It begins with scoping the requirements Security Officers need for their program and ends with he or she delivering it and managing maintenance protocols (Coursera, 2023). Each stage in the SDLC has its own set of activities that need to be performed by the team members involved in the development project (Coursera, 2023).

      Let’s discuss two approaches that we can implement with our current teams or future teams. First, let’s discuss the Waterfall model. Waterfall model. This model remains one of software development’s most popular process models (Coursera, 2023). The approach has stood the test of time and has been used since the 1970s (Coursera, 2023). The Waterfall model is a sequential design process that moves in a straight line from one phase to the next (Coursera, 2023).

      Developers use this approach when the requirements for a product are well-defined and resources are available. However, this model performs inconsistently when requirements change frequently.

      Secondly, let’s discuss that Agile model. This software development process aims to deliver high-quality software early, often, and at a low cost (Coursera, 2023). Agile methods prioritize working software over comprehensive pre-planning and documentation, which can slow the creative process (Coursera, 2023). It is a modern approach with short phases that works well when software requirements are likely to emerge as the development process begins (Coursera, 2023). I love this model and I have used it several times at the work place.

      The Agile model offers more flexibility than the Waterfall model, but it is not always suitable for large-scale projects with complex requirements because it lacks initial documentation (Coursera, 2023). Keep in mind when planning that the size of the task has been determined prior to using this model.

      That’s all I’ve got.

      God Bless,

      Kevin

      References:

      https://www.coursera.org/articles/software-development-life-cycle

      • #85676
        Marcena Davis
        Participant

        Hi Kevin,

        I completely agree with you on the importance of using an SDLC in software development. It’s great to hear that a well-defined SDLC can help an Security Officer measure their progress relative to team goals and ensure everything is on track.

        I also appreciate your overview of the two approaches that can be implemented with current or future teams. The Waterfall model, although popular since the 1970s, can sometimes perform inconsistently when requirements change frequently. On the other hand, the Agile model prioritizes working software and offers more flexibility, making it suitable for projects with evolving requirements.

        • #85680
          Kevin Mehok
          Participant

          Thanks Marcena,

          I think the importance of being flexible is somewhat invaluable in a world where everything changes and quickly. I love Agile, but I see value still using waterfall. I feel that age of the technique or concept is not relevant if it works and still proves to be effective. Thanks for taking time to comment and share your thoughts.

          God Bless,

          Kevin

      • #85773
        Kelly Crooks
        Participant

        Kevin, thanks for sharing your thoughts on why SDLC is important. I really appreciate your explanation of why and how both the Waterfall model and the Agile model are important in the SDLC. You always have great points in our discussions. While I do remember a little about the different models from a previous class, having you refresh them made it easier to understand them. I have found that Agile is easier for me to use than the Waterfall model. I am getting better at using them and I have found some programs and software that allow me to practice using them. I will get the hang of it.

    • #85684
      Kelly Crooks
      Participant

      The Software Development Life Cycle (SDLC) is a framework defining tasks performed at each step in the software development process. The SDLC consists of 5 phases initiation, development, acquisition, implementation and assessment, operation and maintenance, and disposal.

      Phase one: Initaioton initiation is when the need for an IT system is expressed and the purpose and scope of the system are documented.

      Phase two: Development and acquisition. In this phase, the IT system is designed, purchased, programmed, developed, or otherwise constructed.

      Phase three: Implementation & Assessment. This phase is when the system security features should be configured, enabled, tested, and verified.

      Phase four: Operation & Maintenance. Phase four is when the system performs its functions and any modifications are made during this phase.

      Phase five: Disposal. The last phase is when the disposition of information, hardware, or software occurs.

      A security officer needs to understand all phases of the SDLC because they will be involved in most of the phases and it is their reasonability to make sure the SDLC is running properly and maintained at all times and to make sure that only authorized people have access to the system. The security officer is involved in purchases and acquisitions, security daily tasks, and monitoring regular patch and configuration management functions down to “end of life” making sure that the correct plans and procedures are in place and followed to discard the system information, hardware, or software.

      Another reason the SDLC is important to security officers is that they will need to know how to change and add new security measures as technology investments grow across industries. It is not only a security officer’s job to keep the system safe from unauthorized people, but also hackers, malware, and viruses. Security officers, need to know how the SDLC works and operates so that the correct security changes can be made with changes in technology. If they don’t understand the system and don’t change and adapt the security measures and protocols, the new technology may not be compatible with the new security and cause the system to fail or be vulnerable to threats, costing the organization time and money.

      • #85719
        Marcena Davis
        Participant

        Great post, Kelly! Your explanation of the SDLC and its importance to security officers is spot on. It’s essential for security officers to be involved in every phase of the SDLC to ensure the proper functioning and security of IT systems. Your insight on how understanding the SDLC helps security officers adapt and update security measures to keep up with changes in technology is also very relevant and valuable.

Viewing 3 reply threads
  • You must be logged in to reply to this topic.

SUPPORT

Please Note:

The support ticket system is for technical questions and post-sale issues.

 

If you have pre-sale questions please use our chat feature or email information@mile2.com .

Cybersecurity Certifications for Today's INFOSEC Careers

Mile2 Cybersecurity Certifications is a world-leader in providing accredited education, training, and certifications for INFOSEC professionals. We strive to deliver the best course ware, the strongest Cyber Range, and the most user-friendly exam system in the market.

 

Our training courses follow our role-based Certification Roadmap. Plus, many of our classes include hands-on skill development in our Cyber Range.  We train students in penetration testing,disaster recovery, incident handling, and network forensics.  Additionally, our Information Assurance training certification meets military, government, private sector and institutional specifications.  

 

Accreditations

We've developed training for...

Canada Army Navy Airforce

The Canadian Department of National Defense

USAF

The United States Air Force

Defense Logistics Agency

A United States Counterintelligence Agency

Texas Workforce Commission

Texas Workforce Commission