Conduct penetration tests for the enterprise

Assignment Help Computer Engineering
Reference no: EM132039559

Case Scenario: As a Nofsinger consultant, you have been tasked with researching and recommending an Application Lifecycle Management (ALM) tool. Your deliverable for this task will be used to help obtain buy-in from the company's program managers for increased security investments.

An Application Lifecycle Management tool (product) is used to help manage and protect digital assets which are part of or contribute to the management of software applications (especially source code and design documents) throughout the Software & Systems Development Life Cycle (SDLC). The digital assets for each software application must be protected from initiation of a development or acquisition project through to disposal of equipment at the end of its useful lifespan.

Multiple Sifers-Grayson managers have responsibility for making sure that Sifers-Grayson products are developed and delivered on time and in compliance with the contractual requirements for functionality ("quality"). For the current set of customers this means that Sifers-Grayson must implement security-focused configuration management (see NIST SP 800-128). Configuration management is a first-line defense against attacks intended to compromise the security and integrity of software applications: a recorded, protected baseline of each artifact is what lets the organization detect that source code or a design document has been altered rather than merely hope that it has not. This business process is part of a larger, more complex process known as application lifecycle management.
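The integrity control that configuration management provides is easy to see in miniature. The following is an added example, not part of the assignment text and not the behaviour of any particular ALM product: it records a SHA-256 baseline of a source tree and then reports which files were modified, added or removed, using a constructed throw-away directory with two hypothetical source files (`actuator.c`, `sensor.c`) and a simulated tampering step.

```python
"""Added example: a minimal integrity baseline for a source tree.

Constructed for illustration; the file names and contents are hypothetical and
are created in a temporary directory so the example runs offline.
"""
import hashlib
import json
import tempfile
from pathlib import Path


def build_baseline(root: Path) -> dict[str, str]:
    """Return {relative_path: sha256_hex} for every regular file under root."""
    baseline: dict[str, str] = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            baseline[path.relative_to(root).as_posix()] = digest
    return baseline


def verify_baseline(root: Path, baseline: dict[str, str]) -> dict[str, list[str]]:
    """Compare the current tree against a recorded baseline.

    Returns the modified, added and removed paths; all three lists empty means
    the tree matches the baseline exactly.
    """
    current = build_baseline(root)
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


def demo() -> dict[str, list[str]]:
    """Constructed scenario: record a baseline, then simulate an insider edit."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "src").mkdir()
        (root / "src" / "actuator.c").write_text("int move(int deg) { return deg; }\n")
        (root / "src" / "sensor.c").write_text("int read_sensor(void) { return 0; }\n")

        # Record the baseline. In practice the manifest is stored outside the
        # tree (and signed) so that whoever edits the code cannot also re-baseline it.
        manifest = json.dumps(build_baseline(root), sort_keys=True)

        # Simulated tampering: a one-line change to an "off limits" file,
        # a planted file, and a deleted file.
        (root / "src" / "actuator.c").write_text("int move(int deg) { return deg * 2; }\n")
        (root / "src" / "backdoor.c").write_text("/* planted */\n")
        (root / "src" / "sensor.c").unlink()

        return verify_baseline(root, json.loads(manifest))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The check only has value if the manifest is kept where the people who can edit the tree cannot rewrite it, which is why an ALM or configuration-management tool stores baselines and change history separately from the working copies and ties each change to an authenticated user; a hash list sitting next to the code proves nothing against an insider.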

Note: Application Development Lifecycle Management (ADLM) is related to ALM but does not cover the entire SDLC. If you choose to review an ADLM tool, make sure that you address its limitations, i.e. that it does not cover all phases of ALM, and state what impact these limitations may have upon application security across the entire SDLC.

During initial interviews, the engineering managers and program managers provided the following information to your team.

1. Software and Systems Development are the lifeblood of the client company, Sifers-Grayson. From robots to drones to industrial control systems for advanced manufacturing, every product or system sold by the company depends upon software. Some system functions depend upon tiny control programs that capture data from a sensor or command an actuator to move. Other system functions depend upon sophisticated software algorithms to receive and analyze data to make sense out of the surrounding environment.

2. Sifers-Grayson's engineers are responsible for writing and testing this software. But they have never had to worry about cybersecurity, especially not internal security over software development activities in their own facilities.

3. The engineers feel ownership over their files and folders of source code.

4. There are occasional pranks between engineers working in the labs but software is "sacred" and "off limits."

5. The engineers believe that "No one would dare mess with a file containing source code for an operational system or a system that has moved into the integration and test phase of the software lifecycle."

The Nofsinger Engagement Leader (your boss), has provided the following advance notice information as part of your background briefing for this task.

1. Within the next 60 days, a Nofsinger Red Team will conduct penetration tests for the enterprise.

2. The Red Team test plan includes attacks designed to demonstrate to the engineers and managers (through penetration testing) that there is a need to protect digital assets, especially software designs, source code, and related artifacts from both insider and external threats.

Research: 1. Review the weekly readings.

2. Using Google or another search engine, identify an Application Lifecycle Management product which could meet the needs of Sifers-Grayson. Then research your chosen product using the vendor's website and product information brochures.

3. Find three or more additional sources which provide reviews of (a) your chosen product or (b) information about Application Lifecycle Management.

Write: Write a 3-page summary of your research. At a minimum, your summary must include the following:

1. An introduction or overview for the security technology category (Application Lifecycle Management)

2. A review of the features, capabilities, and deficiencies for your selected vendor and product

3. Discussion of how the selected product could be used by Sifers-Grayson to support its cybersecurity objectives by reducing risk, increasing resistance to threats/attacks, decreasing vulnerabilities, etc.

4. A closing section in which you restate your recommendation for a product (include the three most important benefits).

As you write your review, make sure that you address security issues using standard cybersecurity terminology (e.g. protection, detection, prevention, "governance," confidentiality, integrity, availability, nonrepudiation, assurance, etc.). See the ISACA glossary if you need a refresher on acceptable terms and definitions.






All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd