Cybersecurity: Engineering a
Secure Information Technology
Organization, 1st Edition
Chapter 1
Lifecycle Management
Objectives
Understand the role of lifecycle management in the
production of secure ICT products
Understand the status of the ICT industry and why it
is not always trustworthy
Understand the role of common standards in the
definition of reliable organizational processes
Understand the role and application of ISO 12207-2008 in shaping enterprise architecture
Lifecycle Management
Failure to manage an information and
communications technology (ICT) operation using
a rational lifecycle:
Leads to unreliable and insecure products
Lifecycle Management
ICT development and sustainment processes are
complex
Managers find it difficult to oversee and control the
work
Importance of motivation:
Initiates, directs, and sustains all forms of behavior
Ensures a person's willingness to consistently
execute a given task or achieve a specific goal
Implementing a Company-Wide
Process
Alignment: a provable relationship between an
organization's business goals and the underlying
process to achieve those goals
Efficient use of resources is the primary reason that
alignment is important
If lifecycle management activities are aligned with
its business goals:
None of the resources allotted to carry out these
processes are wasted
Represents a distinct competitive advantage
Agreement processes
Organizational project-enabling processes
Project processes
Technical processes
ICT-specific processes
ICT support processes
ICT reuse processes
Tailoring a Solution
The ISO 12207 model alone does not provide
sufficiently detailed guidance to make an
organization manageable
Processes within the framework still have to be
tailored to fit each given situation
Tailoring a Solution
Tasks are an explicitly defined set of work
instructions for a particular role in the process
Work instructions are project specific and generally
cannot be applied to another project
They represent an organization's current best
approach to executing the tasks required for a given
project
Tailoring a Solution
Goals of tailoring are achieved in three standard
steps:
A commonly accepted model for secure practice has
to be adopted as a best-practice foundation
Particular activities are specified for each process
Tasks are assigned in the form of explicit work
instructions
Summary
The ICT lifecycle is composed of a coherent set of
best practices, and is defined by policies
To develop a successful, defect-free ICT product, a
disciplined set of practices has to be adopted and
followed
Lifecycle management planning is strategic in focus; it
entails the design of the approach used to build,
acquire, or sustain ICT
Lifecycle management ensures alignment between
the organization's ICT process and its business goals
Summary
Disciplined and repeatable processes involve less
rework and are therefore less costly and more
efficient than processes that are not properly
disciplined
Lifecycle management monitors the status of each
project
Status is determined by adherence to benchmarks