Your Perfect Assignment is Just a Click Away

We Write Custom Academic Papers

100% Original, Plagiarism Free, Customized to your instructions!


prevention measures for vulnerabilities

prevention measures for vulnerabilities

prevention measures for vulnerabilities

The identification of potential security vulnerabilities in Yahoo Inc will undergo System Development Lifecycle Practices to ensure the underlying systems are assuredly protected by modern security practices and controls. In each of the phases of SDLC, the security mechanisms are explicitly tailored to the system requiring the control (McCown, 2002). The purpose of this study is to review the applicable Security Controls to the vulnerabilities as mentioned earlier in the attached spreadsheet. Thus, providing prevention, detection, and response mechanisms within each of the SDLC phases.

The first phase of the SDLC is Initiation, as such this consists of weighing the potential gains and losses if specific controls are implemented. Scope creep is a primary concern in this phase of SDLC as budgets become an issue when requiring specific controls to be redesigned. The formal risk assessment process is a requirement in the initiation phase as there are likely to be threats that target the CIA triad of the system design. The impact of the threat to the CIA triad as it applies to the risk assessment results in security controls derived explicitly for that Information System.

In a noniterative approach Acquisition and Development of the security hardware and or software will build upon the initiation phase of SLDC (Haridas, 2007). In the initial risk assessment in the initiation phase, the resulting security controls are defined as the acquired assets in SDLC. Before the Development portion of this phase can begin, the risk assessment should call out all the applicable vulnerabilities and the level of threat to all the underlying assets. The reciprocity of internal systems and their interoperable security controls are detailed explicitly in this phase as they apply to the underlying development of the system in development.

In the third phase of SDLC, Implementation requires that the system undergoes testing of the implemented security controls to assure that a viable authority to operate Security Package is approved for the system. The stakeholders and all vested personnel in this phase are apprised of any due outs required for the system. Another chance to test the security controls and the viable efficiency of the system is executed in this phase as well.

The fourth phase of the SDLC is the Operate and Maintain and requires close monitoring of the system to ensure that the controls and system are operating within the scope of what they are intended to do (Bird, 2017). Changes to the system at this time should, of course, be documented and carefully reviewed for accuracy and meet expectation. In this phase, continuous monitoring and modification of security controls will ensure that the authority to operate on the network security package is relevant to the timeframe in which it will be submitted. In the fifth phase of the SDLC, we will focus on ending the lifecycle of the system with security methods commensurate with the impact on any controls impacting the retiring system. Disposal of any valuable information using destruction methods approved by the organization’s policy is carried out as a final step in the final phase of SDLC.


Haridas, N. (2007, April). Software Engineering – Security as a Process in the SDLC. SANS Institute InfoSec Reading Room, (), . Retrieved from

Bird, J. (2017, October). 2017 State of Application Security: Balancing Speed and Risk. SANS Institute InfoSec Reading Room, (), . Retrieved from

McCown, C. (2002, November). Framework for Secure Application Design and Development. SANS Institute InfoSec Reading Room, (), . Retrieved from

Order Solution Now

Our Service Charter

1. Professional & Expert Writers: On Time Writers only hire the best. Our writers are specially selected and recruited, after which they undergo further training to perfect their skills for specialization purposes. Moreover, our writers are holders of masters and Ph.D. degrees. They have impressive academic records, besides being native English speakers.

2. Top Quality Papers: Our customers are always guaranteed papers that exceed their expectations. All our writers have +5 years of experience. This implies that all papers are written by individuals who are experts in their fields. In addition, the quality team reviews all the papers before sending them to the customers.

3. Plagiarism-Free Papers: All papers provided by On Time Writers are written from scratch. Appropriate referencing and citation of key information are followed. Plagiarism checkers are used by the Quality assurance team and our editors just to double-check that there are no instances of plagiarism.

4. Timely Delivery: Time wasted is equivalent to a failed dedication and commitment. On Time Writers is known for timely delivery of any pending customer orders. Customers are well informed of the progress of their papers to ensure they keep track of what the writer is providing before the final draft is sent for grading.

5. Affordable Prices: Our prices are fairly structured to fit all groups. Any customer willing to place their assignments with us can do so at very affordable prices. In addition, our customers enjoy regular discounts and bonuses.

6. 24/7 Customer Support: At On Time Writers, we have put in place a team of experts who answer all customer inquiries promptly. The best part is the ever-availability of the team. Customers can make inquiries anytime.