The purpose of the risk analysis is to identify internal control and security vulnerabilities of an SDLC, determine the nature and magnitude of associated threats to data and assets, determine the resulting potential for loss, and provide managers, designers, systems security specialists and testers with recommended safeguards.
These would be included during the design, development and installation/operation phases of a new and/or modified SDLC to reduce the potential loss.
It should be reviewed and revised, as necessary, during each phase of the SDLC to assure that appropriate security measures are installed.
The review teams should use the findings and recommendations of the Risk Analysis during the SDLC security and certification reviews. It should be prepared and maintained as a separate document, and should be reviewed and updated as necessary, when a modification is made to the operational system
skip to main |
skip to sidebar
My counter
Blog Archive
-
▼
2009
(201)
-
▼
March
(201)
- Appraisal work – CMMI
- Appraisal Team Members & Process Improvement Consu...
- Lead Appraiser
- Models for Assessment and Baselines
- Implement CMMI
- Models for Assessment and Baselines
- Staged Versus Continuous Models
- Processes in CMMI
- Capability Maturity Model Integration - Three
- Capability Maturity Model Integration - Two
- Software Process Improvement Capability dEterminat...
- CMMI - Capability Maturity Model Integration
- TickIT
- Control of Nonconforming Product
- Internal Quality Audits
- Control of Monitoring and Measuring Devices
- Inspection and Testing
- Purchasing & Product Identification and Traceability
- Purchasing
- Customer-related processes
- Human resources
- Measurement Analysis & Improvement
- Product Realization
- Resource Management
- Management Review
- Quality Policy & Quality Planning
- Management Commitment & Customer Focus
- Document Records, and Data Control
- ISO 9000 series standards
- ISO - The International Organization for Standardi...
- Traditional Management to Quality Management
- Establishing Mutual Trust
- Awareness Training
- Leadership
- Schedule Metrics & Change Metrics
- Effort Metrics
- Productivity Metrics
- Quality Metrics
- Function Points
- The Defect Density Metric
- Product Quality Metrics
- Software Quality Metrics
- Process Compliance
- The Cycles of PDCA and PDSA
- Point XIII & XIV: Encouraging education and Self-i...
- Point XII: Removing Barriers that Rob People of Pr...
- Point X: & XI Eliminating Slogans, Exhortations, a...
- Point VIII: & XI: Driving Out Fear & Breaking Down...
- Point V: & VI : Improving Constantly and Forever t...
- Point VII: Adopting and Instituting leadership
- Point IV: Ending the Practice of Selecting Supplie...
- Point III: Ceasing Dependence upon Mass Inspection
- Point II: Adopting the New Philosophy
- The Quality Philosophies of Edward Deming
- Total Quality Management
- Process Control
- Process Definition
- The Deployment Process
- Control Chart
- Run Chart
- Pareto Chart
- Checksheet
- Histogram
- Matrix
- Benchmarking
- Flowchart and Process Map
- Force Field Analysis
- Cause-and-Effect Diagram
- Nominal Group Technique
- Affinity Diagram
- Brainstorming
- Change Control Procedures
- Software Configuration Management
- Quality Values and Quality Policy
- Quality Goals
- Quality Vision
- Quality Mission
- Quality Consensus
- Just-In-Time (JIT) Technique
- QUALITY MANAGEMENT TECHNIQUES & APPROACHES
- Quality Council
- QUALITY MANAGEMENT INFRASTRUCTURE
- Quality Management Champion
- Middle Management Commitment
- Executive Management Commitment
- MANAGEMENT COMMITMENT
- Total Quality Management
- Six Sigma Quality
- Best Practices and Benchmarking
- The Three Key Principles of Quality
- The Cost of Quality
- Quality versus Productivity
- The PDCA Cycle
- QUALITY CONCEPTS
- Difference Between Quality Control and Quality Ass...
- Difference Between Quality Control and Quality Ass...
- Quality Attributes for an Information System
- The Two Quality Gaps
- The Views of Quality
- Quality Assurance
-
▼
March
(201)
No comments:
Post a Comment