System Development Life Cycle (SDLC) and General Controls

These flashcards cover the key concepts related to the System Development Life Cycle (SDLC) and general controls as outlined in the lecture notes.

What are the five phases of the System Development Life Cycle (SDLC)?

1. Request submission, needs assessment and selection 2. Planning and design 3. System development and testing 4. Implementation 5. Post-implementation review

What occurs during the request submission, needs assessment, and selection phase of SDLC?

The process starts when a user or management identifies a business need for a new or improved system, followed by a formal written request and a feasibility study evaluating user requirements, cost vs. benefit, and potential solutions.

What is developed during the planning and design phase of SDLC?

A project team is formed to create a project plan that includes tasks, deadlines, and roles, leading to a System Specification document.

What are the main areas of focus during the system development and testing phase of SDLC?

1. Development area (coding), 2. Test area (various tests, including unit, integration, system, stress, and User Acceptance Testing), 3. Production area (moving system to live environment).

What are the three stages of the implementation phase in SDLC?

1. System Close-Off and Data Cleanup, 2. System Conversion, 3. Post-Conversion Review.

What is evaluated during the post-implementation review phase of SDLC?

The review evaluates system performance and user satisfaction, error detection and resolution, and the adequacy of training and documentation.

What are the types of controls classified under general controls?

1. Preventative controls, 2. Detective controls, 3. Corrective controls.

What are examples of authentication controls in preventative controls?

Examples include passwords, security questions, electronic keys, biometric attributes, one-time pins, and CAPTCHA.

What is the 'Least Privilege Principle' in access controls?

Authenticated users are granted access only to the computer resources necessary for them to perform their duties.

What should a comprehensive emergency/disaster recovery plan include?

It should include formal documentation, employee responsibilities, procedures to follow during a disaster, and arrangements for alternative processing and backup facilities.