431/c


Assignment Content

  1. Refer to NIST SP 800-53 (Rev. 4) for the 18 candidate security control families and associated security controls.


    Security Assessment must be incorporated into the Software Development Life Cycle (SDLC) in order to be a secure, integrated process. Testing of selected security controls ensures that applications meet business requirements, function as planned, and protect associated data securely from attack. A security assessment of the targeted environment identifies vulnerabilities that may cause a security breach and specifies the security controls that mitigate the vulnerabilities.


    For this assignment, use the organization you chose in Week 1.


    Part I: Mapping Vulnerabilities to Security Controls
    Choose 5 distinct security control families as specified in NIST SP 800-53 (Rev. 4) that are most applicable to your organization’s known vulnerabilities.


    Create a 1-page spreadsheet in Microsoft® Excel® that identifies the following criteria for each family:
    • Control ID
    • Control Name
    • Vulnerability
    • Recommended mitigation (refer to your Week 3 assignment; refine them for this mitigation)

    Part II: Security Controls Testing
    Provide a 2- to 3-page table in Microsoft Word including each family, and describe the testing procedure that will mitigate the vulnerability. Annotate whether the testing procedure is an interview, observation, technical test, or a combination.


    Example of Security Controls Testing Table


    Part III: Penetration Testing and Vulnerability Scanning
    Provide a 1-page description of penetration testing and vulnerability scanning processes.


    Describe how they are used as part of the organization’s testing and assessment strategy.


    Format your citations according to APA guidelines.
