What does a CISO do?
What’s a Security Systems Development Life Cycle (SecSDLC)?
A methodology for the design and implementation of an information system.
What are the 6 steps in SecSDLC?
What’s “Investigation” in SecSDLC?
budgeting, and defining the scope and goals, etc.
What’s “Analysis” in SecSDLC?
Analyzing existing security policies, programs and threats.
What’s “Logical Design” in SecSDLC?
Developing a blueprint and policies.
What’s “Physical Design” in SecSDLC?
Evaluating the blueprint and agreeing on a final design.
What’s “Implementation” in SecSDLC?
Implementing and testing the security program.
An employee signature of acknowledgement is important.
What’s “Maintenance” in SecSDLC?
Keeping the program up to date.
Includes a report mechanism for users with complaints or suggestions.