| π Back to Exam Syllabus | πΊ RooCloud on YouTube | π RooCloud Practice Exams |
CISSP 20.1 - Introducing Systems Development Controls (Part 3 of 5)
This episode of the ISC2 Certified Information Systems Security Professional (CISSP) exam prep series carries the Domain 8 build forward from writing code through testing, maintenance, and the major life cycle models. It walks the middle and later stretches of development so security can ride along at every stage rather than getting left behind when features rush to launch.
What this episode covers
- Coding and code reviews β writing to the approved design and stepping through modules line by line at milestones.
- Testing before go-live β moving from developers to users, adding regression checks, and ending in formal acceptance.
- Change management β running for the life of the system, with every change flowing through a formal process.
- Choosing a life cycle model β discipline over chaos, verifying fit, and weaving security into whatever the team picks.
- Waterfall and spiral β sequential stages with limited backtracking versus repeated prototype loops that resolve risk.
- Agile and Scrum β a philosophy of change, with daily scrums, a scrum master, and releasable sprints.
- Integrated product teams and SAFe β collaborative multifunctional groups and a framework that scales agile to the enterprise.
Watch the full episode above for the worked examples and detailed explanations of each concept.
Frequently Asked Questions
What happens once coding begins, and how is it reviewed?
Once stakeholders bless the design, developers start writing code that matches the agreed plan and applies secure coding principles. Because fresh code always hides mistakes, project managers schedule code review walk-throughs at coding milestones. In these technical sessions, developers sit with a specific module and step through it line by line, hunting for logic errors and security flaws. Usually only development staff attend, and the goal is to confirm each teamβs code behaves as specified.
How do you test a system before it goes live?
Testing starts inside the team, then widens as developers and real users run the system against scripted scenarios covering ordinary and unusual activity. When updating an existing system, regression testing confirms the new code behaves like the old except for intended changes. Cover both functional testing, which proves the software works, and security testing, which proves no serious weaknesses slipped through, before users perform acceptance testing to agree it is ready for production.
Why does change management never really end?
Because the moment a system goes live, its maintenance begins and never stops. Operational needs, data volumes, storage, and the surrounding environment all keep shifting, so you need a skilled support team ready for routine and surprise upkeep. Every change to the code must flow through a formal change management process rather than happening ad hoc, so nothing slips in unreviewed, much as a bridge carries traffic for decades only because crews inspect it on schedule.
How do the waterfall and spiral models differ?
Waterfall views development as sequential stages, each completed before the next, with iterative and modified versions adding feedback loops and verification and validation, though it lets you step back only one phase. The spiral model wraps several waterfall passes into repeated loops, a model of models, where each loop produces a new prototype and you can return to planning whenever changing technology or customer needs demand it, resolving risks each time around.
What makes agile different, and how does Scrum apply it?
Agile grew from a reaction against rigid, heavyweight models, valuing individuals and interactions, working software, customer collaboration, and responding to change. It is a philosophy rather than a single method, and Scrum is the most popular practice. Scrum runs on short daily meetings guided by a scrum master, with work happening in sprints of usually one to four weeks, each ending in a functioning, releasable product that grows richer sprint by sprint.
π Master the ISC2 CISSP Exam!
Ready to test your knowledge? Access chapter-specific Multiple Choice Questions (MCQs) and full-length practice exams for the ISC2 CISSP certification at RooCloud.com. Solve the chapter-wise questions to reinforce this lesson before moving to the next episode.
Reference: This article is based on concepts discussed in CISSP 20.1 - Introducing Systems Development Controls (Part 3 of 5).