Secure Software Development Certification: Security Controls for SDLC Deployment Phase

Security Controls for SDLC Deployment Phase

Question

Which of the following security controls will you use for the deployment phase of the SDLC to build secure software? Each correct answer represents a complete solution.

Choose all that apply.

Answers

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

BCD.

The various security controls in the SDLC deployment phase are as follows: Secure Installation: While performing any software installation, it should kept in mind that the security configuration of the environment should never be reduced.

If it is reduced then security issues and overall risks can affect the environment.

Vulnerability Assessment and Penetration Testing: Vulnerability assessments (VA) and penetration testing (PT) is used to determine the risk and attest to the strength of the software after it has been deployed.

Security Certification and Accreditation (C&A): Security certification is the process used to ensure controls which are effectively implemented through established verification techniques and procedures, giving organization officials confidence that the appropriate safeguards and countermeasures are in place as means of protection.

Accreditation is the provisioning of the necessary security authorization by a senior organization official to process, store, or transmit information.

Risk Adjustments: Contingency plans and exceptions should be generated so that the residual risk be above the acceptable threshold.

The deployment phase is the last phase of the Software Development Life Cycle (SDLC) in which the software product is deployed and made available to the end-users. It is essential to apply security controls during the deployment phase to ensure that the software is secure and functions as intended. Below are the security controls that can be used during the deployment phase of SDLC:

A. Change and Configuration Control: It is an essential security control that helps in managing changes to the software and hardware configurations. This control ensures that the software is deployed with the correct configurations and that any changes to the configurations are authorized and documented. This control ensures that unauthorized changes do not occur during the deployment phase, and the software remains secure.

B. Security Certification and Accreditation (C&A): It is a process that ensures that the software meets the necessary security standards and is certified for deployment. This control is used to evaluate the software for security risks and vulnerabilities and certify that it is secure for deployment. Accreditation is the official authorization to operate the software product.

C. Vulnerability Assessment and Penetration Testing: Vulnerability assessment and penetration testing are essential security controls that identify any potential security risks and vulnerabilities that could be exploited by attackers. Vulnerability assessments help in identifying weaknesses in the software and provide recommendations to fix them. Penetration testing helps in identifying how attackers could exploit these vulnerabilities and provides recommendations to prevent them.

D. Risk Adjustments: Risk adjustments are security controls that help in managing the risks associated with the deployment phase. This control ensures that the risk associated with deploying the software is minimized and that the software remains secure.

In summary, Change and Configuration Control, Security Certification and Accreditation (C&A), Vulnerability Assessment and Penetration Testing, and Risk Adjustments are essential security controls that can be used during the deployment phase of SDLC to build secure software.