Scribd Logo
Upload

Welcome to Scribd!

  • 5 views

    Lec # - 5the Security Systems Development Life Cycle

    Uploaded by

    Hamza Shahzad
    The document discusses the security systems development life cycle (SDLC), which consists of six phases: investigation, analysis, logical design, physical design, implementation, and maintenance/change. It also defines some basic concepts in information security such as plaintext, ciphertext, encryption, decryption, cryptography, cryptanalyst, and key.

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content

    You might also like

    Lec # - 5the Security Systems Development Life Cycle

    Uploaded by

    Hamza Shahzad
    5 views16 pages
    The document discusses the security systems development life cycle (SDLC), which consists of six phases: investigation, analysis, logical design, physical design, implementation, and maintenance/change. It also defines some basic concepts in information security such as plaintext, ciphertext, encryption, decryption, cryptography, cryptanalyst, and key.

    Original Description:

    Original Title

    lec_#_-5The_Security_Systems_Development_Life_Cycle

    Copyright

    © © All Rights Reserved

    Available Formats

    PPTX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The document discusses the security systems development life cycle (SDLC), which consists of six phases: investigation, analysis, logical design, physical design, implementation, and maintenance/change. It also defines some basic concepts in information security such as plaintext, ciphertext, encryption, decryption, cryptography, cryptanalyst, and key.

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pptx, pdf, or txt
    5 views16 pages

    Lec # - 5the Security Systems Development Life Cycle

    Uploaded by

    Hamza Shahzad
    The document discusses the security systems development life cycle (SDLC), which consists of six phases: investigation, analysis, logical design, physical design, implementation, and maintenance/change. It also defines some basic concepts in information security such as plaintext, ciphertext, encryption, decryption, cryptography, cryptanalyst, and key.

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pptx, pdf, or txt
    of 16

    THE SECURITY SYSTEMS

    DEVELOPMENT LIFE
    CYCLE
    LEC 5
    THE SECURITY SYSTEMS DEVELOPMENT LIFE
    CYCLE
    • The systems development life cycle (SDLC) is a methodology for the design and
    implementation of an information system.
    • A methodology is a formal approach to solving a problem by means of a structured
    sequence of procedures.
    • The traditional SDLC consists of six general phases. If you have taken a system analysis
    and design course, you may have been exposed to a model consisting of a different
    number of phases.
    SDLC WATERFALL METHODOLOGY
    SECURITY SDLC PHASES
    PHASE 1: INVESTIGATION

    • Outline project scope and goals


    • Estimate costs
    • Evaluate existing resources
    • Analyze feasibility
    • Management defines project processes and goals and documents these in the program
    security policy
    PHASE 2: ANALYSIS

    • Assess current system against plan developed in Phase 1


    • Develop preliminary system requirements
    • Study integration of new system with existing system
    • Document findings and update feasibility analysis
    • Analyze current threats and controls
    • Perform risk analysis
    PHASE 3: LOGICAL DESIGN

    • Assess current business needs against plan developed in Phase 2


    • Select applications, data support, and structures
    • Generate multiple solutions for consideration
    • Document findings and update feasibility analysis
    • Plan business response to disaster
    PHASE 4: PHYSICAL DESIGN

    • Select technologies to support solutions developed in Phase 3


    • Select the best solution
    • Decide to make or buy components
    • Document findings and update feasibility analysis
    • Design physical security measures to support technological solutions
    PHASE 5: IMPLEMENTATION

    • Develop or buy software


    • Order components
    • Document the system
    • Train users
    • Update feasibility analysis
    • Present system to users
    • Test system and review performance
    • Buy or develop security solutions At end of phase, present tested package to management
    for approval
    PHASE 6: MAINTENANCE AND CHANGE

    • Support and modify system during its useful life


    • Test periodically for compliance with business needs
    • Upgrade as necessary
    • Constantly monitor, test, modify, update, and repair to meet changing threats
    BASICS OF INFORMATION SECURITY

    • Plain text
    • Cipher text
    • Encryption
    • Decryption
    • Cryptography
    • Cryptanalyst
    • Key
    BASICS OF INFORMATION SECURITY

    • Plain text
    • Plaintext can refer to anything which humans can understand and/or relate to. This may
    be as simple as English sentences, a script, or Java code. If you can make sense of what is
    written, then it is in plaintext.
    CIPHER TEXT

    • Cipher text, or encrypted text, is a series of randomized letters and numbers which humans cannot
    make any sense of.
    • An encryption algorithm takes in a plaintext message, runs the algorithm on the plaintext, and
    produces a cipher text.
    • The cipher text can be reversed through the process of decryption, to produce the original
    plaintext.
    • Example: We will encrypt a sentence using Caesar Cipher. The key is 7, which means the letter a
    becomes h.
    • Plaintext: This is a plaintext.
    • Ciphertext: Aopz pz h wshpualea.
    ENCRYPTION

    • Encryption
    • Encryption is the process of translating plain text data (plaintext) into something that
    appears to be random and meaningless ( cipher text ).

    • Decryption
    • Decryption is the process of converting ciphertext back to plaintext.
    CRYPTOGRAPHY

    • Cryptography is an automated numerical tool that plays an essential role in network


    security. It provides the confidentiality and integrity of data and supports authentication
    and non-repudiation to the users.
    • Cryptography can play some multiple roles in user authentication.
    CRYPTANALYST

    • The person practicing Cryptanalysis is called a Cryptanalyst. It helps us to better


    understand the cryptosystems and also helps us improve the system by finding any weak
    point and thus work on the algorithm to create a more secure secret code. For example, a
    Cryptanalyst might try to decipher a ciphertext to derive the plaintext.
    KEY

    • A key in cryptography is a piece of information, usually a string of numbers or letters that


    are stored in a file, which, when processed through a cryptographic algorithm, can encode
    or decode cryptographic data.

    You might also like