Which of the following phases of a system development life-cycle is most concerned with maintaining proper authentication of users and processes to ensure appropriate access control decisions?
A. B. C. D.
Answer: C.
The operation phase of an IT system is concerned with user authentication.
Authentication is the process where a system establishes the validity of a transmission, message, or a means of verifying the eligibility of an individual, process, or machine to carry out a desired action, thereby ensuring that security is not compromised by an untrusted source.
It is essential that adequate authentication be achieved in order to implement security policies and achieve security goals.
Additionally, level of trust is always an issue when dealing with cross-domain interactions.
The solution is to establish an authentication policy and apply it to cross-domain interactions as required.
Source: STONEBURNER, Gary & al, National Institute of Standards and Technology (NIST), NIST Special Publication 800-27, Engineering Principles for Information Technology Security (A Baseline for Achieving Security), June 2001 (page 15).
The correct answer is C. Operation/Maintenance.
The system development life-cycle (SDLC) is a process used by organizations to design, develop, and maintain information systems. It includes several phases such as initiation, development/acquisition, implementation, and operation/maintenance.
In the context of information security, the operation/maintenance phase is the most important phase for maintaining proper authentication of users and processes to ensure appropriate access control decisions. During this phase, the system is in operation and it is necessary to continuously monitor and manage the system to ensure that it is secure.
Proper authentication is critical to ensure that only authorized users and processes are accessing the system. This includes verifying the identity of users through the use of strong passwords, multi-factor authentication, and other authentication mechanisms. It also involves ensuring that processes are properly authenticated before they are allowed to access system resources.
During the operation/maintenance phase, security administrators must monitor the system for any unauthorized access attempts and respond appropriately. This includes reviewing system logs, conducting regular vulnerability assessments, and implementing security patches and updates as necessary.
In contrast, the development/acquisition phase is concerned with the design and development of the system, and the implementation phase is focused on the installation and configuration of the system. While these phases are important for ensuring that security is integrated into the system from the beginning, they are not as critical for maintaining proper authentication and access control as the operation/maintenance phase. Similarly, the initiation phase is focused on defining the scope and objectives of the project, and is not directly related to maintaining proper authentication and access control.