PRIORITIZING INFORMATION SECURITY: ANALYSIS OF SOFTWARE DEVELOPMENT LIFE CYCLE METHODOLOGIES USING THE NIST CYBERSECURITY FRAMEWORK
Keywords:
information security, cybersecurity, software development life cycle, waterfall, rapid application development model, v-model, spiral model, agile model, national institute of standards and
Abstract
Information security has become a critical concern for companies seeking to protect data, customer information, and other sensitive assets. In addition to safeguarding data, software development now faces growing threats from hackers and malicious actors in the IT field. The challenge extends beyond ensuring the final product can withstand attacks—it also involves securing the software throughout the development process. This study drew upon existing research and literature to develop its framework and insights. Sources were obtained from reputable, indexed journals. Studies related to the software development lifecycle and the NIST Cybersecurity Framework were carefully analyzed to inform the research and achieve the study’s final objectives. The study revealed how each Software Development Life Cycle (SDLC) model can incorporate the five phases of the NIST Cybersecurity Framework. During the initiation phase, all models follow a similar process for data gathering and consideration of information, data, and security requirements. The primary difference lies in how each model maintains this information and transfers it to subsequent phases. Based on the study’s findings, it is recommended that future researchers examine other Software Development Life Cycles (SDLCs), such as Iterative Waterfall, Agile Scrum, and emerging models, to explore the integration of information security and its benefits for the development process. Additionally, it is recommended that existing SDLCs incorporate new phases addressing data transition, storage, archival, and disposal to align with the final phase of the NIST framework. These recommendations can help project managers better understand the importance of information security and its advantages in terms of project development and organizational economic efficiency.
License
Copyright (c) 2025 Ascendens Asia Journal of Multidisciplinary Research Conference Proceedings

This work is licensed under a Creative Commons Attribution 4.0 International License.