Describe the description of penetration testing

Assignment Help Computer Engineering

Reference no: EM132589444

Assignment: Refer to NIST SP 800-53 (Rev. 4) for the 18 candidate security control families and associated security controls.

Security Assessment must be incorporated into the Software Development Life Cycle (SDLC) in order to be a secure, integrated process. Testing of selected security controls ensures that applications meet business requirements, function as planned, and protect associated data securely from attack. A security assessment of the targeted environment identifies vulnerabilities that may cause a security breach and specifies the security controls that mitigate the vulnerabilities.

For this assignment, use the organization you chose in Week 1.

Part I: Mapping Vulnerabilities to Security Controls

Choose 5 distinct security control families as specified in NIST SP 800-53 (Rev. 4) that are most applicable to your organization's known vulnerabilities.

Create a 1-page spreadsheet in Microsoft Excel that identifies the following criteria for each family:

• Control ID

• Control Name

• Vulnerability

• Recommended mitigation (refer to your Week 3 assignment; refine them for this mitigation)

Part II: Security Controls Testing

Provide a 2- to 3-page table in Microsoft Word including each family, and describe the testing procedure that will mitigate the vulnerability. Annotate whether the testing procedure is an interview, observation, technical test, or a combination.

Part III: Penetration Testing and Vulnerability Scanning

Provide a 1-page description of penetration testing and vulnerability scanning processes.

Describe how they are used as part of the organization's testing and assessment strategy.

Format your citations according to APA guidelines.

Reference no: EM132589444

Questions Cloud

Create income statements for the year ended Dec : Bio Tech manufactures and sells surgical mask. Create income statements for the year ended Dec 31, 2018 based on both marginal and absorption costing

How should purchase the bond at the current market price : What is the value of the bonds to you given your required rate of return? Should you purchase the bond at the current market price?

Dscribe the data collection techniques : Summarize 3 data collection techniques (Interviews, Surveys, Observations, Focus Groups, etc.). Compare and contrast the 3 data collection techniques.

Calculate the discounted selling price : Pete's Wheels n' Spokes has a rate of markup on cost of 25% on a model of bikes. Calculate the discounted selling price

Describe the description of penetration testing : Security Assessment must be incorporated into the Software Development Life Cycle (SDLC) in order to be a secure, integrated process. Testing of selected.

How does that item impacted net income : How does that item impacted net income (or net loss) and why is there an adjustment necessary to determine cash from operations

Draw the graph breakeven point of capital structure : What is your recommendation in relation to EPS and capital structure based on the given data. draw the graph breakeven point of capital structure

Show the journal entries for the mentioned transactions : On April 1, 2017, XYZ Limited sold a freehold property to another company, STU Limited. Show the journal entries for the mentioned transactions

Explain differences between the direct and indirect methods : Question - Explain the differences between the direct and indirect methods for preparing the statement of cash flows

User Account

All Pages