1.) Investigation - Costs, goals, feasibility, resources, and scope are analyzed, outlined, and documented by management.
2.) Analysis - Assess current system vs. the plan in phase 1. Develop requirements and integration to existing system, perform risk analysis and examine legal issues, document and analyze current threats.
3.) Logical Design - Assess current business needs vs. the plan in phase 2. Develop a security blueprint, plan incident report actions and business disaster response, determine feasibility of continuation of project or outsourcing, select applications, data support and structures, consider multiple solutions for consideration, document findings.
4.) Physical Design - Technologies selected to support phase 3. Best solution is chosen, decision made to make or buy components, technologies needed to support blueprint are chosen, define successful solution, design physical security measures, approve project.
5.) Implementation - Develop or buy software, components, security solutions. Document the system, train its users, test system and review performance, and present tested package to management for approval.
6.) Maintenance and Change - Support and modify the system during its lifespan, periodically testing for business need compliance. System is monitored then patched, upgraded, and repaired as needed to meet changing threats.