Page 1398 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
All systems development processes should have several activities in
common. Although they may not necessarily share the same names,
these core activities are essential to the development of sound, secure
systems:
Conceptual definition
Functional requirements determination
Control specifications development
Design review
Code review walk-through
System test review
Maintenance and change management
The section “Lifecycle Models” later in this chapter examines two
lifecycle models and shows how these activities are applied in real-
world software engineering environments.
It’s important to note at this point that the terminology
used in systems development lifecycles varies from model to model
and from publication to publication. Don’t spend too much time
worrying about the exact terms used in this book or any of the
other literature you may come across. When taking the CISSP
examination, it’s much more important that you have an
understanding of how the process works and of the fundamental
principles underlying the development of secure systems.
Conceptual Definition
The conceptual definition phase of systems development involves
creating the basic concept statement for a system. It’s a simple
statement agreed on by all interested stakeholders (the developers,
customers, and management) that states the purpose of the project as
well as the general system requirements. The conceptual definition is a
very high-level statement of purpose and should not be longer than

