Security and Risk Management in the SDLC (Software Development Life Cycle)
Initiation: Security user stories identified
Planning: Incorporate the risks identified in the system architecture and design.
Implementation: Assess identified risks on
Monitoring & Control: Changes (change requests) must be reauthorized.
Closing: Dispose of unwanted software, hardware &
Security Risk Management in
Step 1. System Characterization
Step 2. Threat Identification
Step 3. Vulnerability Identification
Step 4. Control Analysis
Step 5. Likelihood Determination
Step 6. Impact Analysis
Step 7. Risk Determination
Step 8. Control Recommendations
Step 9. Results Documentation
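Steps 5 to 8 are where the method produces something computable: a likelihood rating and an impact magnitude are combined into a risk level, and controls are recommended for the risks that exceed the organisation's threshold. The following Python is an added worked example, not code from this presentation; it uses the qualitative scales of the original (2002) edition of NIST SP 800-30 (likelihood High 1.0 / Medium 0.5 / Low 0.1, impact High 100 / Medium 50 / Low 10, risk High above 50, Medium above 10 to 50, Low 1 to 10). The register contents, asset names and recommended controls are constructed for illustration and assume Steps 1 to 4 have already been performed.

```python
from dataclasses import dataclass

# NIST SP 800-30 (2002 ed.) qualitative scales used in Steps 5 and 6.
LIKELIHOOD = {"High": 1.0, "Medium": 0.5, "Low": 0.1}
IMPACT = {"High": 100, "Medium": 50, "Low": 10}


@dataclass
class RiskItem:
    """One row of a risk register (Steps 1-4 already done)."""
    asset: str
    threat: str
    vulnerability: str
    existing_control: str
    likelihood: str           # High / Medium / Low (Step 5)
    impact: str               # High / Medium / Low (Step 6)
    recommended_control: str  # candidate control for Step 8


def risk_score(likelihood: str, impact: str) -> float:
    """Step 7: risk = likelihood rating x impact magnitude."""
    return LIKELIHOOD[likelihood] * IMPACT[impact]


def risk_level(score: float) -> str:
    """Map the numeric score onto the SP 800-30 risk scale."""
    if score > 50:
        return "High"
    if score > 10:
        return "Medium"
    return "Low"


def determine_risks(register):
    """Step 7 over the whole register, highest risk first."""
    rows = []
    for item in register:
        score = risk_score(item.likelihood, item.impact)
        rows.append({"asset": item.asset, "score": score,
                     "level": risk_level(score), "item": item})
    return sorted(rows, key=lambda r: r["score"], reverse=True)


def control_recommendations(register, minimum_level="Medium"):
    """Step 8: recommend controls for risks at or above a threshold."""
    rank = {"Low": 0, "Medium": 1, "High": 2}
    return [(r["asset"], r["level"], r["item"].recommended_control)
            for r in determine_risks(register)
            if rank[r["level"]] >= rank[minimum_level]]


# Constructed sample register: hypothetical assets and findings chosen to
# mirror the SDLC phases above (implementation, pipeline, closing/disposal).
REGISTER = [
    RiskItem("Customer database", "External attacker",
             "SQL injection in the order-search endpoint",
             "WAF in detection-only mode", "High", "High",
             "Parameterised queries; switch WAF to blocking mode"),
    RiskItem("CI build pipeline", "Malicious insider",
             "Release signing key readable by every developer account",
             "Access logging only", "Medium", "High",
             "Move key to HSM/KMS; least-privilege pipeline role"),
    RiskItem("Retired test server", "Opportunistic attacker",
             "Disk not wiped before hardware disposal",
             "None", "Low", "Medium",
             "Add media sanitisation to the Closing checklist"),
]

if __name__ == "__main__":
    for row in determine_risks(REGISTER):
        print(f"{row['level']:6} {row['score']:5.1f}  {row['asset']}")
    for asset, level, control in control_recommendations(REGISTER):
        print(f"Recommend for {asset} ({level}): {control}")
```

Note that a Medium likelihood against a High impact scores exactly 50, which the SP 800-30 scale classes as Medium, not High; teams that treat 50 as High are using a stricter threshold than the document defines, and the assessment report (Step 9) should state which threshold was applied.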
Risk Management Steps Defined under
Risk Management Process Groups: Inputs – Process – Outputs (Risk Register, Risk Management Plan, Risk Response, Communication Management Plan, Quantitative and Qualitative Risk Assessment and
This is broadly similar to the NIST methodology discussed above.
The PMI process groups deal with project management in general, whereas the NIST risk management steps are generic and platform-independent, so they work across multiple development methodologies.
This is an evolving presentation; more details will be added.
Refer to the blog/presentation, read by almost 50,000 people. More details and the full write-up can be found at: