Introduction to the SDLC

Video Transcription
Welcome back to Cybrary's ISSEP course. I'm your instructor, Brad Rose.
Let's go ahead and introduce this system development life cycle, especially if it's something you're not familiar with.
In this video, we're gonna provide an overview of the SDLC. We're gonna talk about the benefits. Why is it important to do the SDLC? What does it help us with? And then we're gonna actually do a quick example application, so you get sort of a feel for why we do SDLC.
So here's the system development life cycle. This was defined by the National Institute of Standards and Technology, and the idea here was to take and standardize the steps needed when we're going to produce a product, a security control, a security system, a capability, a function, whatever it is, especially when we construct a system. And this is a really great, high-level way to think about systems engineering as well.
And so it's cyclical. So it's a cycle, so it's continuous. Notice it starts with initiation, and those are the needs. You've heard this before, right? Then we go to acquisition or development, and that's where we're gonna talk about the buy-or-build piece of things.
Then we get into implementation and assessment. So we're gonna test the system, and then we're gonna field or install it. Obviously, the implication here is that we don't just roll out an entirely new system to an enterprise and hope that it works. No, we actually do that incrementally.
And then, of course, O&M, operations and maintenance. That's where the system does the work that we expect it to do. And then finally, and importantly, disposal or sunset. We have to get rid of the system.
We have to decommission it and reuse it, maybe. And so the system development life cycle shows that, hey, it's also kind of related to the life cycle of our systems, right? I know that sounds a little circular, but we talk about needing to do life cycle assessments of all of our stuff all the time, and one of the ways we can do that is by using this system development life cycle.
The benefits of SDLC: there's a lot. One, we can start to look early and find those security vulnerabilities and mitigate them. We can integrate more easily mandatory controls, and when I say mandatory controls, there are definitely times out there where you are pushed to use a control because of regulatory or legal guidance or anything like that. And so the SDLC allows us to integrate those.
It allows us to identify and reuse things, right, and that helps us reduce costs when we get to the buy-or-build decisions we talked about earlier. You know, it's really great if you can use GOTS, right? Maybe there's a government off-the-shelf solution already in the house that you could just grab and use.
It helps with decisions. It helps with documentation. It really helps the customers be confident that we have created better interoperability and integration because we're following this cyclical process, right?
It's measured.
It allows us to document along the way, and it allows us to really, hopefully, answer the mail throughout the entire life cycle of a system.
So here's an example application. So we're gonna start, I'm gonna start there; you see my start bubble. Let's say that we need a data loss prevention system. Well, we're going to initiate that with that need: I need to do DLP, right?
Then we're going to go down to the acquisition or development decision. You remember those? You remember the development models we talked about? Agile, V, waterfall, spiral, right? Well, guess what? That's where we would employ those if we were going to develop a system.
But in this case here, it's a lot cheaper for us to just acquire one. So we decided we're gonna buy it, right?
And then we go to implementation. And implementation is one of those things that we don't just, you know, like I said, roll out everything to the entire enterprise and hope it works. No, we're gonna roll out our DLP solution to maybe 10 users, and then maybe 100 users, and then maybe 1500 users, until we reach the 10,000 people that work on our enterprise, and we have one of the entire thing.
But the reason we do, like I say, that rolling wave of implementation is to ensure that we don't break stuff, right? It's easy. You got to know that it's great to do information systems security engineering work, but when you start to break capabilities that are existing, that people need to do their work, people get so cranky. You don't wanna do that.
Then we're going to patch our system. That's ops and maintenance, right? And finally, finally, we've decided at the end of its life cycle that we're gonna dispose of it. We're just not going to use it anymore. Why? Because we decided to move to the cloud, right? And so, as you can see here, our data loss prevention application was used for some time.
But we also plan that end of life cycle, that sunset that we've talked about, so that we can actually dispose of it and get rid of it properly.
So in this lesson, we talked about the system development life cycle from an overview and benefits. And then we provided a quick walk-through in an example application of data loss prevention.
We'll see you next time.
Information Systems Security Engineering Professional (ISSEP)

This ISSEP course provides students with the foundational knowledge of the concentration area of the CISSP certification that includes a focus on the processes used to develop secure systems. Students will learn key concepts and skills of the five ISSEP domains.
