All content in this area was uploaded by Andrew Prendergast on Mar 22, 2023
[Figure 9 diagram; only its labels survive extraction. Panels: ATTACK SURFACE †; Risk Treatments †; SDLC (1. Business Case (WHY), 2. Planning, 3. Analysis (WHAT), 4. Design (HOW), 5. Development, 6. Testing, 7. Deployment, 8. Maintenance); RUP (I. Inception, II. Elaboration, III. Construction, IV. Transition); Iterative development (Agile Methodologies); OO Functionality Lifecycle; Use-Case Driven Development; SDLC Testing V-Model.]
[Labels marked † in the diagram: ATTACK SURFACE; Risk Treatments; development, coding & telemetry instrumentation; DevSecOps by Security Operations Center (SOC); Ops by Network Operations Centre (NOC); GRC Assessment; Security Requirements; Penetration Testing; Security Testing; Deployment Automation Testing; Execution Environment Telemetry Testing; Availability Monitoring.]
Figure 9: The Software Engineering Standard Model (informal diagram). Vertices marked with † are opportunities to incorporate information security into the SDLC. Dashed directed edges are test plans unless noted otherwise.
(C) COPYRIGHT 2023, Andrew Prendergast. All Rights Reserved.