SlideShare una empresa de Scribd logo

Security and Risk management in SDLC Software development Life cycle

Sandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW
Sandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW

Security,Software development life cycle, SDLC, Risk Management,NIST,TOGAF,PMI,COBIT

Software
1 de 4
  Initiation: Security User Stories Identified  Planning: Incorporate Risk identified in System Architecture and Design.  Implementation: Assess Identified Risk on Implementation.  Monitoring & Control: Changes, CR (Change request must be reauthorized.  Closing: Dispose off unwanted software, hardware & information Components. Security Risk Management in SDLC
Step 1. System Characterization Step 2. Threat Identification Step 3. Vulnerability Identification Step 4. Control Analysis Step 5. Likelihood Determination Step 6. Impact Analysis Step 7. Risk Determination Step 8. Control Recommendations Step 9. Result determination.
 Risk Management Steps Defined under PMI Risk Management Process Groups : Input – process – Output - Outputs: (Risk Register, Risk Management plan, Risk Response, Communication Management plan, Quantitative and Qualitative Risk Assessment and Mitigation) This is Almost similar To NIST methodology discussed above. PMI groups deals with Project management in general. Whereas in NIST RM steps are Generic and platform independent to work across multiple methodology.
  This is Evolving presentation: Will add more details Refer Blog/presentation Read by almost 50,000 people. More details and write up can be found at:  http://www.productmanagementview.wordpress.com  http://projectmanagerview.wordpress.com  http://sandyclassic.wordpress.com More Details

Recomendados

penetration test
penetration testpenetration test
penetration testHajer alriyami
 
Lesson 2 scanning
Lesson 2 scanningLesson 2 scanning
Lesson 2 scanningFrankVianzon
 
PhishingBox Overview
PhishingBox OverviewPhishingBox Overview
PhishingBox OverviewPhishingBox
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 8: Implement ...
Understanding the Risk Management Framework & (ISC)2 CAP Module 8: Implement ...Understanding the Risk Management Framework & (ISC)2 CAP Module 8: Implement ...
Understanding the Risk Management Framework & (ISC)2 CAP Module 8: Implement ...Donald E. Hester
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 11: Monitor
Understanding the Risk Management Framework & (ISC)2 CAP Module 11: MonitorUnderstanding the Risk Management Framework & (ISC)2 CAP Module 11: Monitor
Understanding the Risk Management Framework & (ISC)2 CAP Module 11: MonitorDonald E. Hester
 
Continual Monitoring
Continual MonitoringContinual Monitoring
Continual MonitoringTripwire
 
Software testing-and-risk-analysis
Software testing-and-risk-analysisSoftware testing-and-risk-analysis
Software testing-and-risk-analysisAjit Waje
 
Simple steps-risk-assessment-form
Simple steps-risk-assessment-formSimple steps-risk-assessment-form
Simple steps-risk-assessment-formWorldForeignAffairsD
 

Recomendados

penetration test
penetration testpenetration test
penetration testHajer alriyami
 
Lesson 2 scanning
Lesson 2 scanningLesson 2 scanning
Lesson 2 scanningFrankVianzon
 
PhishingBox Overview
PhishingBox OverviewPhishingBox Overview
PhishingBox OverviewPhishingBox
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 8: Implement ...
Understanding the Risk Management Framework & (ISC)2 CAP Module 8: Implement ...Understanding the Risk Management Framework & (ISC)2 CAP Module 8: Implement ...
Understanding the Risk Management Framework & (ISC)2 CAP Module 8: Implement ...Donald E. Hester
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 11: Monitor
Understanding the Risk Management Framework & (ISC)2 CAP Module 11: MonitorUnderstanding the Risk Management Framework & (ISC)2 CAP Module 11: Monitor
Understanding the Risk Management Framework & (ISC)2 CAP Module 11: MonitorDonald E. Hester
 
Continual Monitoring
Continual MonitoringContinual Monitoring
Continual MonitoringTripwire
 
Software testing-and-risk-analysis
Software testing-and-risk-analysisSoftware testing-and-risk-analysis
Software testing-and-risk-analysisAjit Waje
 
Simple steps-risk-assessment-form
Simple steps-risk-assessment-formSimple steps-risk-assessment-form
Simple steps-risk-assessment-formWorldForeignAffairsD
 
NIST SP 800 30 Flow Chart
NIST SP 800 30 Flow ChartNIST SP 800 30 Flow Chart
NIST SP 800 30 Flow ChartJames W. De Rienzo
 
Security testing
Security testingSecurity testing
Security testingPrecise Testing Solution
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 9: Assess Con...
Understanding the Risk Management Framework & (ISC)2 CAP Module 9: Assess Con...Understanding the Risk Management Framework & (ISC)2 CAP Module 9: Assess Con...
Understanding the Risk Management Framework & (ISC)2 CAP Module 9: Assess Con...Donald E. Hester
 
Continuous Monitoring: Getting Past Complexity & Reducing Risk
Continuous Monitoring: Getting Past Complexity & Reducing RiskContinuous Monitoring: Getting Past Complexity & Reducing Risk
Continuous Monitoring: Getting Past Complexity & Reducing RiskTripwire
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 6: Categorize
Understanding the Risk Management Framework & (ISC)2 CAP Module 6: CategorizeUnderstanding the Risk Management Framework & (ISC)2 CAP Module 6: Categorize
Understanding the Risk Management Framework & (ISC)2 CAP Module 6: CategorizeDonald E. Hester
 
Achieving Continuous Monitoring with Security Automation
Achieving Continuous Monitoring with Security AutomationAchieving Continuous Monitoring with Security Automation
Achieving Continuous Monitoring with Security AutomationTripwire
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 1: Exam
Understanding the Risk Management Framework & (ISC)2 CAP Module 1: Exam Understanding the Risk Management Framework & (ISC)2 CAP Module 1: Exam
Understanding the Risk Management Framework & (ISC)2 CAP Module 1: Exam Donald E. Hester
 
BSidesQuebec2013_fred
BSidesQuebec2013_fredBSidesQuebec2013_fred
BSidesQuebec2013_fredBSidesQuebec2013
 
Security assessment
Security assessmentSecurity assessment
Security assessmentAntonio Bristow
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 10: Authorize
Understanding the Risk Management Framework & (ISC)2 CAP Module 10: Authorize Understanding the Risk Management Framework & (ISC)2 CAP Module 10: Authorize
Understanding the Risk Management Framework & (ISC)2 CAP Module 10: Authorize Donald E. Hester
 
Information Security Continuous Monitoring within a Risk Management Framework
Information Security Continuous Monitoring within a Risk Management FrameworkInformation Security Continuous Monitoring within a Risk Management Framework
Information Security Continuous Monitoring within a Risk Management FrameworkWilliam McBorrough
 
How to Build Your Risk Management Plan – an Effective Checklist
How to Build Your Risk Management Plan – an Effective ChecklistHow to Build Your Risk Management Plan – an Effective Checklist
How to Build Your Risk Management Plan – an Effective ChecklistTipsographic . com
 
FISMA NextGen - Continuous Monitoring, Near Real-Time Risk Management
FISMA NextGen - Continuous Monitoring, Near Real-Time Risk ManagementFISMA NextGen - Continuous Monitoring, Near Real-Time Risk Management
FISMA NextGen - Continuous Monitoring, Near Real-Time Risk Managementdanphilpott
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 4: Life Cycle
Understanding the Risk Management Framework & (ISC)2 CAP Module 4: Life CycleUnderstanding the Risk Management Framework & (ISC)2 CAP Module 4: Life Cycle
Understanding the Risk Management Framework & (ISC)2 CAP Module 4: Life CycleDonald E. Hester
 
Practical IT auditing
Practical IT auditingPractical IT auditing
Practical IT auditingFrederick Altum Pokoo-Aikins
 
Developing a Continuous Monitoring Action Plan
Developing a Continuous Monitoring Action PlanDeveloping a Continuous Monitoring Action Plan
Developing a Continuous Monitoring Action PlanTripwire
 
TrustedAgent GRC for Vulnerability Management and Continuous Monitoring
TrustedAgent GRC for Vulnerability Management and Continuous MonitoringTrustedAgent GRC for Vulnerability Management and Continuous Monitoring
TrustedAgent GRC for Vulnerability Management and Continuous MonitoringTri Phan
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 2: Introduction
Understanding the Risk Management Framework & (ISC)2 CAP Module 2: IntroductionUnderstanding the Risk Management Framework & (ISC)2 CAP Module 2: Introduction
Understanding the Risk Management Framework & (ISC)2 CAP Module 2: IntroductionDonald E. Hester
 
Automating for NERC CIP-007-5-R1
Automating for NERC CIP-007-5-R1 Automating for NERC CIP-007-5-R1
Automating for NERC CIP-007-5-R1Tripwire
 
RMF Roles and Responsibilities (Part 1)
RMF Roles and Responsibilities (Part 1) RMF Roles and Responsibilities (Part 1)
RMF Roles and Responsibilities (Part 1) Donald E. Hester
 
Many companies and agencies conduct IT audits to test and assess the.docx
Many companies and agencies conduct IT audits to test and assess the.docxMany companies and agencies conduct IT audits to test and assess the.docx
Many companies and agencies conduct IT audits to test and assess the.docxtienboileau
 
Designing NextGen Threat Identification Solutions
Designing NextGen Threat Identification SolutionsDesigning NextGen Threat Identification Solutions
Designing NextGen Threat Identification SolutionsArun Prabhakar
 

Más contenido relacionado

La actualidad más candente

Understanding the Risk Management Framework & (ISC)2 CAP Module 9: Assess Con...
Understanding the Risk Management Framework & (ISC)2 CAP Module 9: Assess Con...Understanding the Risk Management Framework & (ISC)2 CAP Module 9: Assess Con...
Understanding the Risk Management Framework & (ISC)2 CAP Module 9: Assess Con...Donald E. Hester
 
Continuous Monitoring: Getting Past Complexity & Reducing Risk
Continuous Monitoring: Getting Past Complexity & Reducing RiskContinuous Monitoring: Getting Past Complexity & Reducing Risk
Continuous Monitoring: Getting Past Complexity & Reducing RiskTripwire
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 6: Categorize
Understanding the Risk Management Framework & (ISC)2 CAP Module 6: CategorizeUnderstanding the Risk Management Framework & (ISC)2 CAP Module 6: Categorize
Understanding the Risk Management Framework & (ISC)2 CAP Module 6: CategorizeDonald E. Hester
 
Achieving Continuous Monitoring with Security Automation
Achieving Continuous Monitoring with Security AutomationAchieving Continuous Monitoring with Security Automation
Achieving Continuous Monitoring with Security AutomationTripwire
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 1: Exam
Understanding the Risk Management Framework & (ISC)2 CAP Module 1: Exam Understanding the Risk Management Framework & (ISC)2 CAP Module 1: Exam
Understanding the Risk Management Framework & (ISC)2 CAP Module 1: Exam Donald E. Hester
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 10: Authorize
Understanding the Risk Management Framework & (ISC)2 CAP Module 10: Authorize Understanding the Risk Management Framework & (ISC)2 CAP Module 10: Authorize
Understanding the Risk Management Framework & (ISC)2 CAP Module 10: Authorize Donald E. Hester
 
Information Security Continuous Monitoring within a Risk Management Framework
Information Security Continuous Monitoring within a Risk Management FrameworkInformation Security Continuous Monitoring within a Risk Management Framework
Information Security Continuous Monitoring within a Risk Management FrameworkWilliam McBorrough
 
How to Build Your Risk Management Plan – an Effective Checklist
How to Build Your Risk Management Plan – an Effective ChecklistHow to Build Your Risk Management Plan – an Effective Checklist
How to Build Your Risk Management Plan – an Effective ChecklistTipsographic . com
 
FISMA NextGen - Continuous Monitoring, Near Real-Time Risk Management
FISMA NextGen - Continuous Monitoring, Near Real-Time Risk ManagementFISMA NextGen - Continuous Monitoring, Near Real-Time Risk Management
FISMA NextGen - Continuous Monitoring, Near Real-Time Risk Managementdanphilpott
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 4: Life Cycle
Understanding the Risk Management Framework & (ISC)2 CAP Module 4: Life CycleUnderstanding the Risk Management Framework & (ISC)2 CAP Module 4: Life Cycle
Understanding the Risk Management Framework & (ISC)2 CAP Module 4: Life CycleDonald E. Hester
 
Developing a Continuous Monitoring Action Plan
Developing a Continuous Monitoring Action PlanDeveloping a Continuous Monitoring Action Plan
Developing a Continuous Monitoring Action PlanTripwire
 
TrustedAgent GRC for Vulnerability Management and Continuous Monitoring
TrustedAgent GRC for Vulnerability Management and Continuous MonitoringTrustedAgent GRC for Vulnerability Management and Continuous Monitoring
TrustedAgent GRC for Vulnerability Management and Continuous MonitoringTri Phan
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 2: Introduction
Understanding the Risk Management Framework & (ISC)2 CAP Module 2: IntroductionUnderstanding the Risk Management Framework & (ISC)2 CAP Module 2: Introduction
Understanding the Risk Management Framework & (ISC)2 CAP Module 2: IntroductionDonald E. Hester
 
Automating for NERC CIP-007-5-R1
Automating for NERC CIP-007-5-R1 Automating for NERC CIP-007-5-R1
Automating for NERC CIP-007-5-R1Tripwire
 
RMF Roles and Responsibilities (Part 1)
RMF Roles and Responsibilities (Part 1) RMF Roles and Responsibilities (Part 1)
RMF Roles and Responsibilities (Part 1) Donald E. Hester
 

La actualidad más candente (20)

NIST SP 800 30 Flow Chart
NIST SP 800 30 Flow ChartNIST SP 800 30 Flow Chart
NIST SP 800 30 Flow Chart
 
Security testing
Security testingSecurity testing
Security testing
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 9: Assess Con...
Understanding the Risk Management Framework & (ISC)2 CAP Module 9: Assess Con...Understanding the Risk Management Framework & (ISC)2 CAP Module 9: Assess Con...
Understanding the Risk Management Framework & (ISC)2 CAP Module 9: Assess Con...
 
Continuous Monitoring: Getting Past Complexity & Reducing Risk
Continuous Monitoring: Getting Past Complexity & Reducing RiskContinuous Monitoring: Getting Past Complexity & Reducing Risk
Continuous Monitoring: Getting Past Complexity & Reducing Risk
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 6: Categorize
Understanding the Risk Management Framework & (ISC)2 CAP Module 6: CategorizeUnderstanding the Risk Management Framework & (ISC)2 CAP Module 6: Categorize
Understanding the Risk Management Framework & (ISC)2 CAP Module 6: Categorize
 
Achieving Continuous Monitoring with Security Automation
Achieving Continuous Monitoring with Security AutomationAchieving Continuous Monitoring with Security Automation
Achieving Continuous Monitoring with Security Automation
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 1: Exam
Understanding the Risk Management Framework & (ISC)2 CAP Module 1: Exam Understanding the Risk Management Framework & (ISC)2 CAP Module 1: Exam
Understanding the Risk Management Framework & (ISC)2 CAP Module 1: Exam
 
BSidesQuebec2013_fred
BSidesQuebec2013_fredBSidesQuebec2013_fred
BSidesQuebec2013_fred
 
Security assessment
Security assessmentSecurity assessment
Security assessment
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 10: Authorize
Understanding the Risk Management Framework & (ISC)2 CAP Module 10: Authorize Understanding the Risk Management Framework & (ISC)2 CAP Module 10: Authorize
Understanding the Risk Management Framework & (ISC)2 CAP Module 10: Authorize
 
Information Security Continuous Monitoring within a Risk Management Framework
Information Security Continuous Monitoring within a Risk Management FrameworkInformation Security Continuous Monitoring within a Risk Management Framework
Information Security Continuous Monitoring within a Risk Management Framework
 
How to Build Your Risk Management Plan – an Effective Checklist
How to Build Your Risk Management Plan – an Effective ChecklistHow to Build Your Risk Management Plan – an Effective Checklist
How to Build Your Risk Management Plan – an Effective Checklist
 
FISMA NextGen - Continuous Monitoring, Near Real-Time Risk Management
FISMA NextGen - Continuous Monitoring, Near Real-Time Risk ManagementFISMA NextGen - Continuous Monitoring, Near Real-Time Risk Management
FISMA NextGen - Continuous Monitoring, Near Real-Time Risk Management
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 4: Life Cycle
Understanding the Risk Management Framework & (ISC)2 CAP Module 4: Life CycleUnderstanding the Risk Management Framework & (ISC)2 CAP Module 4: Life Cycle
Understanding the Risk Management Framework & (ISC)2 CAP Module 4: Life Cycle
 
Practical IT auditing
Practical IT auditingPractical IT auditing
Practical IT auditing
 
Developing a Continuous Monitoring Action Plan
Developing a Continuous Monitoring Action PlanDeveloping a Continuous Monitoring Action Plan
Developing a Continuous Monitoring Action Plan
 
TrustedAgent GRC for Vulnerability Management and Continuous Monitoring
TrustedAgent GRC for Vulnerability Management and Continuous MonitoringTrustedAgent GRC for Vulnerability Management and Continuous Monitoring
TrustedAgent GRC for Vulnerability Management and Continuous Monitoring
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 2: Introduction
Understanding the Risk Management Framework & (ISC)2 CAP Module 2: IntroductionUnderstanding the Risk Management Framework & (ISC)2 CAP Module 2: Introduction
Understanding the Risk Management Framework & (ISC)2 CAP Module 2: Introduction
 
Automating for NERC CIP-007-5-R1
Automating for NERC CIP-007-5-R1 Automating for NERC CIP-007-5-R1
Automating for NERC CIP-007-5-R1
 
RMF Roles and Responsibilities (Part 1)
RMF Roles and Responsibilities (Part 1) RMF Roles and Responsibilities (Part 1)
RMF Roles and Responsibilities (Part 1)
 

Similar a Security and Risk management in SDLC Software development Life cycle

Many companies and agencies conduct IT audits to test and assess the.docx
Many companies and agencies conduct IT audits to test and assess the.docxMany companies and agencies conduct IT audits to test and assess the.docx
Many companies and agencies conduct IT audits to test and assess the.docxtienboileau
 
Designing NextGen Threat Identification Solutions
Designing NextGen Threat Identification SolutionsDesigning NextGen Threat Identification Solutions
Designing NextGen Threat Identification SolutionsArun Prabhakar
 
Software Engineering
Software EngineeringSoftware Engineering
Software EngineeringVijayapriyaP1
 
Threat modelling(system + enterprise)
Threat modelling(system + enterprise)Threat modelling(system + enterprise)
Threat modelling(system + enterprise)abhimanyubhogwan
 
CST 630 RANK Remember Education--cst630rank.com
CST 630 RANK Remember Education--cst630rank.comCST 630 RANK Remember Education--cst630rank.com
CST 630 RANK Remember Education--cst630rank.comchrysanthemu49
 
Process Maturity Assessment
Process Maturity AssessmentProcess Maturity Assessment
Process Maturity Assessmentpchronis
 
Planning and Deploying an Effective Vulnerability Management Program
Planning and Deploying an Effective Vulnerability Management ProgramPlanning and Deploying an Effective Vulnerability Management Program
Planning and Deploying an Effective Vulnerability Management ProgramSasha Nunke
 
CST 630 RANK Redefined Education--cst630rank.com
CST 630 RANK Redefined Education--cst630rank.comCST 630 RANK Redefined Education--cst630rank.com
CST 630 RANK Redefined Education--cst630rank.comclaric241
 
CST 630 RANK Achievement Education--cst630rank.com
CST 630 RANK Achievement Education--cst630rank.comCST 630 RANK Achievement Education--cst630rank.com
CST 630 RANK Achievement Education--cst630rank.comkopiko147
 
ByteCode pentest report example
ByteCode pentest report exampleByteCode pentest report example
ByteCode pentest report exampleIhor Uzhvenko
 
OOSE-PRESENTATION.pptx
OOSE-PRESENTATION.pptxOOSE-PRESENTATION.pptx
OOSE-PRESENTATION.pptxRanjitKdk
 
Risk Based Security and Self Protection Powerpoint
Risk Based Security and Self Protection PowerpointRisk Based Security and Self Protection Powerpoint
Risk Based Security and Self Protection Powerpointrandalje86
 
CST 630 RANK Introduction Education--cst630rank.com
CST 630 RANK Introduction Education--cst630rank.comCST 630 RANK Introduction Education--cst630rank.com
CST 630 RANK Introduction Education--cst630rank.comagathachristie266
 
CST 630 RANK Educational Specialist--cst630rank.com
CST 630 RANK Educational Specialist--cst630rank.comCST 630 RANK Educational Specialist--cst630rank.com
CST 630 RANK Educational Specialist--cst630rank.comVSNaipaul15
 
CST 630 RANK Inspiring Innovation--cst630rank.com
CST 630 RANK Inspiring Innovation--cst630rank.comCST 630 RANK Inspiring Innovation--cst630rank.com
CST 630 RANK Inspiring Innovation--cst630rank.comKeatonJennings104
 
CST 630 RANK Become Exceptional--cst630rank.com
CST 630 RANK Become Exceptional--cst630rank.comCST 630 RANK Become Exceptional--cst630rank.com
CST 630 RANK Become Exceptional--cst630rank.comagathachristie113
 

Similar a Security and Risk management in SDLC Software development Life cycle (20)

Many companies and agencies conduct IT audits to test and assess the.docx
Many companies and agencies conduct IT audits to test and assess the.docxMany companies and agencies conduct IT audits to test and assess the.docx
Many companies and agencies conduct IT audits to test and assess the.docx
 
Designing NextGen Threat Identification Solutions
Designing NextGen Threat Identification SolutionsDesigning NextGen Threat Identification Solutions
Designing NextGen Threat Identification Solutions
 
Software Engineering
Software EngineeringSoftware Engineering
Software Engineering
 
Defense In Depth Using NIST 800-30
Defense In Depth Using NIST 800-30Defense In Depth Using NIST 800-30
Defense In Depth Using NIST 800-30
 
Software Engineering
Software EngineeringSoftware Engineering
Software Engineering
 
Threat modelling(system + enterprise)
Threat modelling(system + enterprise)Threat modelling(system + enterprise)
Threat modelling(system + enterprise)
 
Object oriented analysis and design unit- i
Object oriented analysis and design unit- iObject oriented analysis and design unit- i
Object oriented analysis and design unit- i
 
Sdlc
SdlcSdlc
Sdlc
 
CST 630 RANK Remember Education--cst630rank.com
CST 630 RANK Remember Education--cst630rank.comCST 630 RANK Remember Education--cst630rank.com
CST 630 RANK Remember Education--cst630rank.com
 
Process Maturity Assessment
Process Maturity AssessmentProcess Maturity Assessment
Process Maturity Assessment
 
Planning and Deploying an Effective Vulnerability Management Program
Planning and Deploying an Effective Vulnerability Management ProgramPlanning and Deploying an Effective Vulnerability Management Program
Planning and Deploying an Effective Vulnerability Management Program
 
CST 630 RANK Redefined Education--cst630rank.com
CST 630 RANK Redefined Education--cst630rank.comCST 630 RANK Redefined Education--cst630rank.com
CST 630 RANK Redefined Education--cst630rank.com
 
CST 630 RANK Achievement Education--cst630rank.com
CST 630 RANK Achievement Education--cst630rank.comCST 630 RANK Achievement Education--cst630rank.com
CST 630 RANK Achievement Education--cst630rank.com
 
ByteCode pentest report example
ByteCode pentest report exampleByteCode pentest report example
ByteCode pentest report example
 
OOSE-PRESENTATION.pptx
OOSE-PRESENTATION.pptxOOSE-PRESENTATION.pptx
OOSE-PRESENTATION.pptx
 
Risk Based Security and Self Protection Powerpoint
Risk Based Security and Self Protection PowerpointRisk Based Security and Self Protection Powerpoint
Risk Based Security and Self Protection Powerpoint
 
CST 630 RANK Introduction Education--cst630rank.com
CST 630 RANK Introduction Education--cst630rank.comCST 630 RANK Introduction Education--cst630rank.com
CST 630 RANK Introduction Education--cst630rank.com
 
CST 630 RANK Educational Specialist--cst630rank.com
CST 630 RANK Educational Specialist--cst630rank.comCST 630 RANK Educational Specialist--cst630rank.com
CST 630 RANK Educational Specialist--cst630rank.com
 
CST 630 RANK Inspiring Innovation--cst630rank.com
CST 630 RANK Inspiring Innovation--cst630rank.comCST 630 RANK Inspiring Innovation--cst630rank.com
CST 630 RANK Inspiring Innovation--cst630rank.com
 
CST 630 RANK Become Exceptional--cst630rank.com
CST 630 RANK Become Exceptional--cst630rank.comCST 630 RANK Become Exceptional--cst630rank.com
CST 630 RANK Become Exceptional--cst630rank.com
 

Más de Sandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW

Más de Sandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW (20)

Management Consultancy Saudi Telecom Digital Transformation Design Thinking
Management Consultancy Saudi Telecom Digital Transformation Design ThinkingManagement Consultancy Saudi Telecom Digital Transformation Design Thinking
Management Consultancy Saudi Telecom Digital Transformation Design Thinking
 
Major new initiatives
Major new initiativesMajor new initiatives
Major new initiatives
 
Digital transformation journey Consulting
Digital transformation journey ConsultingDigital transformation journey Consulting
Digital transformation journey Consulting
 
Agile Jira Reporting
Agile Jira Reporting Agile Jira Reporting
Agile Jira Reporting
 
Lnt and bbby Retail Houseare industry Case assignment sandeep sharma
Lnt and bbby Retail Houseare industry Case assignment sandeep sharmaLnt and bbby Retail Houseare industry Case assignment sandeep sharma
Lnt and bbby Retail Houseare industry Case assignment sandeep sharma
 
Risk management Consulting For Municipality
Risk management Consulting For MunicipalityRisk management Consulting For Municipality
Risk management Consulting For Municipality
 
GDPR And Privacy By design Consultancy
GDPR And Privacy By design ConsultancyGDPR And Privacy By design Consultancy
GDPR And Privacy By design Consultancy
 
Real implementation Blockchain Best Use Cases Examples
Real implementation Blockchain Best Use Cases ExamplesReal implementation Blockchain Best Use Cases Examples
Real implementation Blockchain Best Use Cases Examples
 
Ffd 05 2012
Ffd 05 2012Ffd 05 2012
Ffd 05 2012
 
Biztalk architecture for Configured SMS service
Biztalk architecture for Configured SMS serviceBiztalk architecture for Configured SMS service
Biztalk architecture for Configured SMS service
 
Data modelling interview question
Data modelling interview questionData modelling interview question
Data modelling interview question
 
Pmo best practices
Pmo best practicesPmo best practices
Pmo best practices
 
Agile project management
Agile project managementAgile project management
Agile project management
 
Enroll hostel Business Model
Enroll hostel Business ModelEnroll hostel Business Model
Enroll hostel Business Model
 
Cloud manager client provisioning guideline draft 1.0
Cloud manager client provisioning guideline draft 1.0Cloud manager client provisioning guideline draft 1.0
Cloud manager client provisioning guideline draft 1.0
 
Bpm digital transformation
Bpm digital transformationBpm digital transformation
Bpm digital transformation
 
Digital transformation explained
Digital transformation explainedDigital transformation explained
Digital transformation explained
 
Government Digital transformation trend draft 1.0
Government Digital transformation trend draft 1.0Government Digital transformation trend draft 1.0
Government Digital transformation trend draft 1.0
 
Enterprise architecture maturity rating draft 1.0
Enterprise architecture maturity rating draft 1.0Enterprise architecture maturity rating draft 1.0
Enterprise architecture maturity rating draft 1.0
 
Organisation Structure For digital Transformation Team
Organisation Structure For digital Transformation TeamOrganisation Structure For digital Transformation Team
Organisation Structure For digital Transformation Team
 

Último

Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfkalichargn70th171
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsArshad QA
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...Shane Coughlan
 
Pharm-D Biostatistics and Research methodology
Pharm-D Biostatistics and Research methodologyPharm-D Biostatistics and Research methodology
Pharm-D Biostatistics and Research methodologyAnusha Are
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Steffen Staab
 
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrainmasabamasaba
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisamasabamasaba
 
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionIntroducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionOnePlan Solutions
 
LEVEL 5 - SESSION 1 2023 (1).pptx - PDF 123456
LEVEL 5 - SESSION 1 2023 (1).pptx - PDF 123456LEVEL 5 - SESSION 1 2023 (1).pptx - PDF 123456
LEVEL 5 - SESSION 1 2023 (1).pptx - PDF 123456KiaraTiradoMicha
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai
 
Exploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdfExploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdfproinshot.com
 
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...SelfMade bd
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️Delhi Call girls
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplatePresentation.STUDIO
 
10 Trends Likely to Shape Enterprise Technology in 2024
10 Trends Likely to Shape Enterprise Technology in 202410 Trends Likely to Shape Enterprise Technology in 2024
10 Trends Likely to Shape Enterprise Technology in 2024Mind IT Systems
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsJhone kinadey
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Modelsaagamshah0812
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...ICS
 
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park %in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park masabamasaba
 

Último (20)

Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
 
Pharm-D Biostatistics and Research methodology
Pharm-D Biostatistics and Research methodologyPharm-D Biostatistics and Research methodology
Pharm-D Biostatistics and Research methodology
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionIntroducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
 
LEVEL 5 - SESSION 1 2023 (1).pptx - PDF 123456
LEVEL 5 - SESSION 1 2023 (1).pptx - PDF 123456LEVEL 5 - SESSION 1 2023 (1).pptx - PDF 123456
LEVEL 5 - SESSION 1 2023 (1).pptx - PDF 123456
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
Exploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdfExploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdf
 
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation Template
 
10 Trends Likely to Shape Enterprise Technology in 2024
10 Trends Likely to Shape Enterprise Technology in 202410 Trends Likely to Shape Enterprise Technology in 2024
10 Trends Likely to Shape Enterprise Technology in 2024
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park %in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
 

Security and Risk management in SDLC Software development Life cycle

  • 1.   Initiation: Security User Stories Identified  Planning: Incorporate Risk identified in System Architecture and Design.  Implementation: Assess Identified Risk on Implementation.  Monitoring & Control: Changes, CR (Change request must be reauthorized.  Closing: Dispose off unwanted software, hardware & information Components. Security Risk Management in SDLC
  • 2. Step 1. System Characterization Step 2. Threat Identification Step 3. Vulnerability Identification Step 4. Control Analysis Step 5. Likelihood Determination Step 6. Impact Analysis Step 7. Risk Determination Step 8. Control Recommendations Step 9. Result determination.
  • 3.  Risk Management Steps Defined under PMI Risk Management Process Groups : Input – process – Output - Outputs: (Risk Register, Risk Management plan, Risk Response, Communication Management plan, Quantitative and Qualitative Risk Assessment and Mitigation) This is Almost similar To NIST methodology discussed above. PMI groups deals with Project management in general. Whereas in NIST RM steps are Generic and platform independent to work across multiple methodology.
  • 4.   This is Evolving presentation: Will add more details Refer Blog/presentation Read by almost 50,000 people. More details and write up can be found at:  http://www.productmanagementview.wordpress.com  http://projectmanagerview.wordpress.com  http://sandyclassic.wordpress.com More Details