Security Considerations In The Information System

When do you have to pay attention to the security requirements of your information system? From the very earliest stages of planning for the development of the system to its final disposal is the advice of the National Institute of Standards and Technology (NIST). By considering security early in the information system development life cycle (SDLC), you may be able to avoid higher costs later on and develop a more secure system from the start. NIST’s Information Technology Laboratory recently issued Special Publication (SP) 800-64, Security Considerations in the Information System Development Life Cycle, by Tim Grance, Joan Hash, and Marc Stevens, to help organizations include security requirements in their planning for every phase of the system life cycle, and to select, acquire, and use appropriate and cost-effective security controls. The guide discusses the selection of a life cycle model by the organization and the responsibilities of the organization’s managers and staff members for conducting the system development process. While NIST SP 800-64 describes security and a generic system development life cycle for illustrative purposes, the basic concepts can be applied, with tailoring, to any SDLC model or acquisition method the organization is using. Full Story