Security Homework
Security Homework must be incorporated into the Software Development Life Cycle (SDLC) in order to be a secure, integrated process. Testing of selected security controls ensures that applications meet business requirements, function as planned, and protect associated data securely from attack. A security Homework of the targeted environment identifies vulnerabilities that may cause a security breach and specifies the security controls that mitigate the vulnerabilities.
For this Homework, use the organization you choose.
Part A: Mapping Vulnerabilities to Security Controls
Choose 5 distinct security control families as specified in NIST SP 800-53 (Rev. 4) that are most applicable to your organization's known vulnerabilities.
Create a 1 page spreadsheet in Microsoft Excel that identifies the following criteria for each family:
Control ID
Control Name
Vulnerability
Recommended mitigation.
Part B: Security Controls Testing
Provide a 2 to 3 pages table in Microsoft Word including each family, and describe the testing procedure that will mitigate the vulnerability. Annotate whether the testing procedure is an interview, observation, technical test, or a combination.
Example of Security Controls Testing Table:
Part C: Penetration Testing and Vulnerability Scanning
Provide a 1-page description of penetration testing and vulnerability scanning processes.
Describe how they are used as part of the organization's testing and Homework strategy.
Format your homework according to the following formatting requirements:
o The answer should be typed, using Times New Roman font (size 12), double spaced, with one-inch margins on all sides.
o The response also includes a cover page containing the title of the homework, the student's name, the course title, and the date. The cover page is not included in the required page length.
o Also include a reference page. The Citations and references must follow APA format. The reference page is not included in the required page length.