Conduct analysis of business needs: The information security professional must work closely with the business/mission users and the information technology staff to have a firm grasp of the solution that is required by the business and proposed by IT. This is an opportunity for the information security professional to add value to the project team by providing alternatives and ensuring that a secure proposal is developed.

During this phase, you will typically be conducting solution reviews versus outright technical testing. This is a very important part of the overall project life cycle, since this is where key project decisions are made from a business vision and technical direction perspective. These decisions will affect the information system throughout its entire life cycle, and it is imperative that the information security professional has a seat at the table.