Initiation
During the initiation stage, security risk assessment and security planning for the software project are carried out. Key activities in the initiation stage include:
- Security risk assessment [Mandatory] - A security threat and risk assessment should be carried out to identify and evaluate potential threats and risks for the software being implemented and define how the risks will be mitigated.
- Security roles [Mandatory] - Identify and confirm key security roles in a software implementation project, including roles for defining security requirements, security design and testing.
- Security awareness [Mandatory] - Ensure all key stakeholders have a common understanding of the goals, implications, considerations and requirements of performing security
- Security activities and milestones [Mandatory] - During the initiation stage, key security activities and milestones should be defined and incorporated as part of the project plan.
The initial risk assessment is subject to continued review and update throughout the software life cycle.
Outputs:
- Threat and risk assessment
- Security plan with key milestones, roles and responsibilities