Table 3: Activities of the analysis and design phase.

DisciplineWorkflowActivity

AssetIdentify Risk Assessment StrategyIdentify Risk Assessment Strategy
Analyze AssetIdentify Asset Lifecycle-Identify Asset condition-Identify Asset Qualitative Analysis-Acceptable Use of Asset-Give Value to the Security Golden Triangle
Classify AssetLabel Asset-Prioritize Asset
Identify And Analyze RiskIdentify Threats-Identify Organization Vulnerabilities-Calculate Vulnerabilities Effect-Calculate Threats Effect-Identify Risks-Organization Risks Assessment
Plan Risks EliminationAssign Risks to Designs
Prioritize DesignsIdentify Organization Security Levels-Prioritize Designs into Security Levels
Design Human SecurityDesign Training Program-Segregation Security Role-Design Human events Procedure
Design Physical SecurityDesign Earthing Hole-Design Physical Access Control-Design Fire Control-Design UPS-Design Camera-Design Wireless-Design Hardware Security Tools-Design Cabling-Design 2 and 3 Layer Tools-Design Server Room-Design Server Side-Design Client Side
Design Logical SecurityDesign Availability-Design Reliability-Design Redundancy-Design Software Security Tools-Design Network Topology-Design Backup-Design Protocol-Design Switching-Design Logical Access Control-Design Zoning-Design Naming-Design Domain-Design Network Services-Design Platform-Design Communication Services-Design Software Framework Security-Design Source Security

Security PolicyDocument Human Information Security PolicyHuman Access Control Procedure-Human events Procedure-Training Program Procedure-Security Use of Data Procedure-Human Confidentiality Agreement Procedure-Exchange Agreement Procedure-Prior Employment Procedure-During Employment Procedure-Termination Employment Procedure-punishes Employment Procedure-Probable Events Procedure
Document Logical Information Security PolicyPolicy Cryptographic Procedure-Regulation Cryptographic Procedure-Information Handling Procedure-Data Exchange Procedure-Logical events Procedure-Logical Asset removal procedure-Logical Separation of Development Procedure-Logical Disposal and Reuse Procedure-User Registration Procedure-Mobile Computing-Teleworking-Monitoring System Procedure-Input Validation Procedure-Output Validation Procedure-Control Internal Processing Procedure-Restriction Change Package Procedure-Control Installation Package Procedure-Sensitive System Isolation Procedure-Out Sourcing Procedure-Internal Producing Procedure-Availability Procedure-Reliability Procedure-Redundancy Procedure-Software Security Tools Procedure-Network Topology Procedure-Backup Procedure-Protocol Procedure-Switching Procedure-Logical Access Control Procedure-Zoning Procedure-Naming Procedure-Domain Procedure-Network Services Procedure-Platform Procedure-Communication Services Procedure-Software Framework Security Procedure-Source Security Procedure
Document physical Information Security PolicyPhysical Asset Removal Procedure-Physical Separation of Development Procedure-Sitting and Protection Procedure-Supporting Utilities Procedure-Equipment Maintenance Procedure-Clean Environment procedure-mobile computer procedure-Physical Disposal and Reuse Procedure-Human events Procedure-Earthing Hole procedure-Physical Access Control procedure-Fire Control procedure-UPS procedure-Camera procedure-Wireless procedure-Hardware Security Tools procedure-Cabling procedure-2 and 3 Layer Tools procedure-Server Room procedure-Server Side procedure-Client Side procedure

ImplementationBuy Security ToolsPrioritize Need Tools

Configuration and Change ManagementManage Change RequestsSubmit Change Request-Update Change Request-Review Change Request-Confirm Duplicate or Rejected CR

Project ManagementMonitor and Control ProjectMonitor Project Status-Schedule and Assign Work-Report Status-Handle Exceptions and Problems
Manage IterationAcquire Staff-Initiate Iteration-Assess Iteration
Evaluate Project Scope and RiskIdentify and Assess Risks-Develop Business Case
Close-Out PhasePrepare for Phase Close-Out
Plan for Next IterationDevelop Iteration Plan-Develop Business Case