Disposal
In this phase, plans are developed for discarding system information, hardware, and software to make the transition to a new system. The purpose is to prevent any possibility of unauthorized disclosure of sensitive data due to improper disposal of information. All of this should be done in accordance with the organization’s security requirements.
Support from Risk Management Activities
The Risk Management plan must also cover threats to the confidentiality of residual data, along with the procedures and controls that reduce the risk of data theft due to improper disposal. By identifying the risk early in the project, the controls can be documented in advance, ensuring proper disposition.
- Risk Factors:
  - Lack of knowledge for proper disposal: Proper disposal of information requires an experienced team with a plan for handling the residual data.
  - Lack of proper procedures: Sometimes, in a hurry to launch a new system, the organization sidelines the task of disposal. Procedures used to handle residual data should be properly documented so that they can be used in the future.
Integrating Risk Management in SDLC | Set 3
Prerequisite – Integrating Risk Management in SDLC | Set 1, and Set 2.
We have already discussed the first four steps of the Software Development Life Cycle. In this article, we will discuss the remaining four steps: Integration and System Testing; Installation, Operation and Acceptance Testing; Maintenance; and Disposal. We will discuss Risk Management in these four steps in detail.