Assignment Task:
Purpose:
As a cybersecurity risk analyst, you have been tasked with a new project. You will conduct a qualitative cybersecurity risk assessment for a cloud-based software service. In addition, you will outline mitigation strategies for all of the risks you have identified for the existing version of the service. Finally, you will propose a process for integrating risk assessment into a software development life cycle. After the project is completed, your hope is to publish a case study to be used as a model for academia and/or for organizations by submitting the case study to a peer-reviewed cybersecurity or information security journal. Journals can be found using the Internet or the Purdue Global Library. If you are having a problem finding a journal to use, please reach out to your instructor.
Assignment Instructions:
(If applicable, you can use the same open source project used in Unit 3.)
For Assignment purposes, select a multi-layered (presentation layer, business layer, and database layer) Web-based open source project. Assume that the presentation layer resides on a dedicated server in the company's DMZ. The other two layers of the software are behind the corporate firewall and can reside on one or two dedicated servers. The Web application is accessible from the Internet and is browser based. Firefox™, Chrome™, Internet Explorer®, and Safari® are the supported browsers. Alternatively, you have the option to use a multi-layered application that you have access to. However, notify your instructor if this is the case and explain the situation.
Conduct a qualitative cybersecurity risk assessment on the software product/service. This can include internal and external risks. Do not forget to consider the operating systems involved, what programming languages are used, and some of the inherent risks for the particular programming language(s). The same goes for the database and web servers used.
Identify at least five cyber risks. Describe each in detail and explain why it is a risk for this system.
Outline mitigation strategies for each of the cyber risks you have identified.
Support your research and assertions with at least three credible sources. You may use peer-reviewed articles, trade magazine articles, or IT research company (Gartner, Forrester, etc.) reports to support your research; you can use the Library to search for supporting articles and for peer-reviewed articles. Wikipedia and similar sources are unacceptable.
Assignment Requirements:
At least 3-4 pages of content (exclusive of title page, etc.), using the format from the peer-reviewed journal you found.
APA style.
At least three credible sources.
No spelling errors.
No grammar errors.
No APA errors.