This article describes the primary concepts associated with organizing and managing the system-related information security risk in organizations. RISK MANAGEMENT OVERVIEW: ★ This section describes the primary concepts associated with organizing and managing the system-related information security risk in organizations. To undertake the Managing information on security and the privacy-related task is a complex, and it’s required a broad perspective which involves the entire organization from the Chief Technology Officer (CTO), Network Security Architect (NSA) providing the strategic vision and goals and objectives for the organization, to mid-level leaders planning, managing, and executing the visions, to associate level individuals developing, implementing, operating, and maintaining the organization’s strategic missions and business functions. ★ Risk management is a reciprocal activity that includes mission and organization planning, network architecture, the SDLC processes, identify, evaluate, and prioritize risks followed by the application of resources to minimize, the control impact of unfortunate events or to maximize the realization of events. ★ The given below figure illustrates a multi-level approach to the organizational risk management flow. The communication between the business and organization is in bi-directional flow. ★The actions conducted at Level 1 and Level 2 are critical to preparing the organization to execute the risk management framework. Allocating roles and responsibilities for organizational risk management processes; ★ If any organizations that fail to define and implement an effective network architecture approach will probably have difficulty in consolidating, optimizing, and standardizing their I.T infrastructures in a timely manner and also in-adequate preparation by organizations which leads to network redundancy as well as inefficient business concepts, costly and vulnerable systems, services, and customer applications. Importance of Risk management: The importance of risk management is to identify the potential problems before it emerges usually, they occur unconditionally. It helps the IT managers to balance the CAPEX/OPEX costs in the organization and also take protective measures and gains much control power. ★ Risk management consists of three processes as , , and . So, that risk-handling activities should be planned accordingly and invoked as needed across the software product life cycle to mitigate adverse impacts to achieve the desired goals. There are seven well-defined steps to carry out the successful execution in risk management. Risk assessment Risk Mitigation Risk evaluation The steps are; ✔ To execute a framework based on organization and a system-level perspective by establishing a context and priorities it. Prepare: ✔ system information is processed, stored, and transmitted. ✔ An initial set of controls required for the system to mitigate risk. ✔ Implement the organizational controls within the system. ✔ To determine if the controls are implemented correctly and operating as expected and producing the desired outcomes to meet the security and privacy standards. Categorize: Select: Implement: Assess: ✔ To authorize individuals, other organizations are acceptable. Allow: ✔ It helps to highlight whether defined strategies are effective in the system. Integration of Risk management into SDLC: Monitor: Integration of Risk management into SDLC: ★ Minimizing a negative impact on an organization and the need for a sound basis in decision making is the fundamental reason organizations implement a risk management process for their IT systems. We must integrate effective risk management into the Software development life cycle (SDLC). ★ The software development life cycle (SDLC) is a software framework defining tasks performed during each step in the SDLC process. It is a detailed structure followed by a software development team within the organization. It comprises a detailed plan describing how to develop, maintain, and replace specific software. ★ There are five software developmental phases include Planning, Analysis, Design, Implementation, and Maintenance. However, the risk management method is the same regardless of the SDLC development phases. Risk management is an iterative process that can be performed during each major phase of the Software development life cycle. SDLC PHASES: REQUIREMENT ANALYSIS DESIGN IMPLEMENTATION (CODING) TESTING DEPLOYMENT & MAINTENANCE 1.REQUIREMENT ANALYSIS: Project goals and high-level plans are to be determined from the endpoint. The following key will activities take place: SDLC CHARACTERISTICS: Identification of the development and business requirements. 2. Feasibility assessment. 3. Creation of project plan. To Identify risks are used to support the development of the system requirements. RISK MANAGEMENT PROCESS: 2. DESIGN: This phase includes business rules, pseudo-code, layouts, and functional design documentation works. The following key activities will take place: SDLC CHARACTERISTICS: 1. Design System model and 2. Design Infrastructure model. The risks identified in this phase later can support the security analysis, I.T architecture and design tradeoffs in the system development RISK MANAGEMENT PROCESS: 3. IMPLEMENTATION (CODING): Phase 1& 2, are formulated in order an actual system. The following key activities will take place: SDLC CHARACTERISTICS: 1. Development of Database and codes 2. Development of Infrastructure codes and 3. Documents divided into modules and units. This process supports the assessment of the system implementation against its requirements and within its modeled operational environment. Bugs must be logged and corrected. RISK MANAGEMENT PROCESS: 4. TESTING: Codes are integrated and deployed in the testing environment. The following key activities will take place: SDLC CHARACTERISTICS: 1.functional testing. 2.Unit testing, 3. Integration testing, 4. System testing and 5. Acceptance testing. whenever major changes are made to the system module in its operational, production environment (e.g., new system interfaces). re-authorization is performed for any major changes. It should guarantee the testing module is performed correctly and all the bugs have been rectified. RISK MANAGEMENT PROCESS: 5. DEPLOYMENT & MAINTENANCE: After testing, product is delivered to the customer. SDLC CHARACTERISTICS: After the risk assessment, it is ready to be delivered to the customer. RISK MANAGEMENT PROCESS: Product maintenance will take place. SDLC CHARACTERISTICS: Post-delivery maintenance and product support will be provided as per the agreement. RISK MANAGEMENT PROCESS: Conclusion: In this article, we discussed the primary concepts associated with organizing and managing the system-related information security risk in organizations. Quote of the day: “ ” — English Proverb A picture is worth a thousand words Thanks for reading! Have a pleasant day! Also published at https://medium.com/faun/risk-management-overview-integration-of-risk-management-into-sdlc-ae48de24b743

Flow

Timely

Cracking The HMAC Message Authentication System In Cryptography

Guide to Risk Assessment Management and ISO/IEC 27002/27005

Nominated for 2022 - HackerNoon Contributor of the Year - Internet

Too Long; Didn't Read

CTA: Download the FREE AI Productivity Shift report

What Is Risk Management And How To Integrate It Into SDLC: Best Explanation Ever

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

Untitled Story

5 Simple Ways To Get Rid Of High CPU Usage Troubles on Windows

06/09/2018: Biggest Stories in the Cryptosphere

07/09/2018: Biggest Stories in the Cryptosphere

0x Protocol, Waves, and EtherDelta: Solutions and Limitations of Distrust

03/09/2018: Biggest Stories in the Cryptosphere

5 Simple Ways To Get Rid Of High CPU Usage Troubles on Windows

06/09/2018: Biggest Stories in the Cryptosphere

07/09/2018: Biggest Stories in the Cryptosphere

0x Protocol, Waves, and EtherDelta: Solutions and Limitations of Distrust

03/09/2018: Biggest Stories in the Cryptosphere

Light-Mode

Classic

Newspaper

Dark-Mode

Neon Noir

Minty

HN StartUps