INFT 6147 Assignment 3
Describe top-down strategic planning. How does it differ from bottom-up strategic planning?
Which is usually more effective in implementing security in a large, diverse organization?
In the top-down approach, upper management initiates and supports the effort and sets the
organizational goals at the top level. Senior leaders define the vision, mission, and overall
objectives, which flow down to the lower levels (middle management, support staff, etc.). Those
lower levels then turn that direction into concrete plans of action, coordinate their work with
the strategy set by upper management, and implement the required security controls as a
coordinated whole (Whitman & Mattord, 2018).
The bottom-up approach begins when staff at the lower levels examine the systems and areas they
are responsible for and look for ways to improve their security. These individuals draw on their
expertise and their in-depth knowledge of the threats to those systems and the protection
mechanisms already in place. This empowers staff to work together for a common cause and to look
for innovative ways to apply the resources they already have, creating a shared decision-making
process that favors inclusive, balanced solutions (Whitman & Mattord, 2018).
In a large, diverse organization the top-down approach is usually more effective, because it
carries executive backing, dedicated funding, and a defined planning process that can be
enforced consistently across business units; bottom-up efforts, however well intentioned,
often lack the coordination, resources, and staying power needed to succeed organization-wide
(Whitman & Mattord, 2018).
What is a systems development life cycle methodology? What is the primary objective of the
SecSDLC? What are its major steps, and what are the major objectives of each step?
A systems development life cycle (SDLC) is a methodology, that is, a formal and structured
sequence of procedures, for the design and implementation of an information system in an
organization (Whitman & Mattord, 2018, p. 124). The primary objective of the security systems
development life cycle (SecSDLC) is the identification of specific threats and the risks they
represent, followed by the design and implementation of specific controls to counter those
threats and manage the risk (Whitman & Mattord, 2018, p. 124). Its major steps and their
objectives are:
Investigation: a directive from upper management specifies the process, goals, and expected
outcomes of the project, together with its budget constraints.
Analysis: the team studies the documents produced during the investigation phase and analyzes
existing security policies, known threats, and current controls, beginning the risk
management process.
Design (logical/physical):
  o Logical design: the team creates a blueprint for security and examines and implements the
    key policies that will influence later decisions.
  o Physical design: the team evaluates the technology needed to support the security
    blueprint, generates alternative solutions, and agrees on a final design.
Implementation: the security solutions are acquired, tested, implemented, and retested.
Maintenance: the security program is constantly monitored, tested, modified, updated, and
repaired as needed.
(Whitman & Mattord, 2018, pp. 125-131)
GOVERNANCE AND STRATEGIC PLANNING FOR SECURITY
Reference