A Proactive Approach to Information Security

Published: 24 Jul, 2004
Created by Sandeep Gupta

Some software vendors already endeavor to deliver software systems that provide Confidentiality, Integrity, and Availability of a customer's software, hardware, and data assets. However, because of the changing business environment, new attack hazards, and the damage an insecure system can cause, no software vendor can assume that it is secure. Vendors must be proactive and address security early in the software development lifecycle (SDLC) by focusing on training, by performing risk and threat assessments, and by designing security into the software system. Software vendors differ in how they implement the SDLC. By integrating both the author's experience and multiple sources of industry thought, this paper presents a generalized yet holistic view of integrating security in the SDLC. This paper serves as a springboard for a vendor who has little experience in security and who is considering integrating security in the SDLC to create a more secure software system.