SDLC (Software Development Lifecycle) Security Control

What are the key security controls you need to be aware of during the SDLC process? The list is below:

1. Risk Assessment
Risk assessment will be specific and detailed, since the project participants will have actual specifications for the hardware and software that will be used to implement the system.

2. Functional Requirements Analysis
Ensure that project participants review the system's functional requirements to help determine the security requirements necessary for successful implementation.

3. Assurance Requirements Analysis
Determine what development work and assurance evidence are necessary to establish confidence that the security will work correctly and effectively.

4. Cost Considerations and Reporting
Determine how much of the project cost will be attributed to security over the life of the system.

5. Security Planning
Ensure that security controls are adequately documented. This plan should also include any attachments or references to other information security program documents (e.g., incident response plan, risk assessments, etc.) within the organization when appropriate.

6. Control Development
Ensure that the security controls documented during the security planning activity are designed, developed, and implemented properly.

7. Developmental Security Test and Evaluation
Ensure that any controls developed for the system are effective and working properly. Some of these controls, however, will not be testable until the Deployment Phase.

8. Other Planning Components
Ensure that the incorporation of the security controls and requirements is in line with all the other components of the development and implementation processes.
