Design of cybersecurity hands-on laboratory exercises using secDLC framework

Abstract

In software development, the life cycle in general consists of four different phases, which includes the design phase, development phase, implementation phase, and testing phase. The phases are being followed to ensure production of high-quality software that meets the demands and expectation of its intended audience. Security development follows a similar life cycle known as the Security Development Life Cycle (SecDLC) [1] to keep improving security in the real world. SecDLC is comprised of four distinct stages: Assessment, Detection, Protection, and Response. The goal of the SecDLC is to maintain, preserve, monitor, and improve information security. This paper outlines the initial development of the hands-on labs that would address every stage of SecDLC and thus provide practical tools to educate cybersecurity professionals. The labs developed will be a part of a new Cybersecurity educational framework.