Which of the following phases of a software development life cycle normally addresses Due Care and Due Diligence?
A. B. C. D.D.
The software plans and requirements phase addresses threats, vulnerabilities, security requirements, reasonable care, due diligence, legal liabilities, cost/benefit analysis, level of protection desired, and test plans.
Implementation is incorrect because it deals with installing security software, running the system, acceptance testing, security software testing, and complete documentation certification and accreditation (where necessary).
System Feasibility is incorrect because it deals with information security policy, standards, legal issues, and the early validation of concepts.
Product design is incorrect because it deals with incorporating security specifications, adjusting test plans and data, determining access controls, design documentation, evaluating encryption options, and verification.
Sources: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 7: Applications and Systems Development (page 252).
KRUTZ, Ronald & VINES, Russel, The CISSP Prep Guide: Gold Edition, Wiley Publishing Inc., 2003, Chapter 7: Security Life Cycle Components, Figure 7.5 (page 346).
Due Care and Due Diligence are legal concepts that refer to the responsibilities and obligations of organizations to act reasonably and responsibly to protect the interests of their stakeholders. In the context of software development, Due Care and Due Diligence involve taking appropriate measures to ensure that software is designed and implemented securely, and that potential risks and threats are identified and addressed.
Out of the four phases listed, the phase that normally addresses Due Care and Due Diligence in a software development life cycle is the Product Design phase.
During the Product Design phase, software architects and designers typically analyze the requirements of the software project and design a system that meets those requirements while taking into account security, reliability, and other important factors. This includes identifying potential risks and threats to the system and designing appropriate controls to mitigate those risks. In this way, the Product Design phase is a crucial part of ensuring Due Care and Due Diligence in software development.
The other phases listed in the question are also important in the software development life cycle but do not specifically address Due Care and Due Diligence. For example, the System Feasibility phase involves determining whether the proposed software project is feasible and practical from a technical, financial, and organizational perspective. The Software Plans and Requirements phase involves defining the detailed specifications for the software project. And the Implementation phase involves actually building and testing the software system.
In summary, the Product Design phase is the phase of a software development life cycle that normally addresses Due Care and Due Diligence by identifying potential risks and threats and designing appropriate controls to mitigate those risks.