Ignoring information assurance in system development

Consideration of information assurance requirements during system design and development

Postponing information assurance until the implementation phase

Outsourcing information assurance activities

During the disposal phase

After the implementation phase

At the beginning and throughout all stages of system development

Only during the initiation phase

They are cheaper to implement

They prevent all security breaches

They are easier to manage

They can be integrated seamlessly into the system

It reduces the need for security audits

It prevents any disruptions to current operations

It eliminates the need for security controls

It increases the need for operation

System requirements

User manuals

System security plan

Hardware components

Acquisition/Development

Operation/Maintenance

Implementation

Initiation

Risk assessment

Determining system functionality

Identifying information categories

Implementing security controls