Home Uncategorized Security Portfolio Assignment(Min 600 words)
Uncategorized

Security Portfolio Assignment(Min 600 words)

Question for Week7:

Save Time On Research and Writing
Hire a Pro to Write You a 100% Plagiarism-Free Paper.
Get My Paper

 

In week #4, your midterm project was to provide a security assessment for Vestige, Inc, an online software company that specialize in selling ad spaces in their parent company’s magazine.  Vestige manages an online database that allows their customers to upload and pay for their business ads for magazine placement.  Because Vestige’s database needs to connect to the parent company’s database, the parent company has requested that Vestige system be assessed and verified as secure.

Now that you have provided your security assessment, the next step is to provide Vestige, Inc. with your Security Portfolio. Using this week’s Reading on the NIST framework that includes the 5-step process for creating a balanced portfolio of security products, your assignment will be to create a Security Portfolio with the following sections:

1. Cover Page (i.e. APA title page)

Save Time On Research and Writing
Hire a Pro to Write You a 100% Plagiarism-Free Paper.
Get My Paper

2. Background (provide a synopsis your midterm security assessment on Vestige)

3. For each security need identified (or needs to be identified) from your Week #4’s Midterm Assignment, Find the products that will deliver the needed capabilities for the right price, and tell why you chose that product.

This assignment should be about the security needs only.  Do NOT discuss how the client can achieve more business (That is not your job). Please use  APA format and include at least two references.

Other references:

Below is the question for week4 assignment

 

Vestige, Inc. is an online software company that specialize in selling ad spaces in their parent company’s magazine.  Vestige manages an online database that allows their customers to upload and pay for their business ads for magazine placement.  Because Vestige’s database needs to connect to the parent company’s database, the parent company has requested that Vestige system be assessed and verified as secure.

Your company has designated you to be the lead architect for this project because it’s a small company and perfect for your first time.  Since you have spent the past several weeks in training to be a System Architect, perform your assessment:

Hint: Review your assignments from week 1-3

This assignment should be in APA format and have to include at least two references.

Week4 Assignment Attached:

With growing number of attacks, it is getting difficult for the companies to address and handle cyber-security issues. Vestige Inc is a company that is acting as medium for parent company to sell advertisement space for their magazine. The business requirement states that Vestige system needs to be accessed and verified before establishing a connection to the database of the parent company.

As a Security Architect, it is required to analyze the parent’s database to define the need for connection. Database plays the important role as it contains confidential and sensitive information of the consumers. At any particular instance, evaluation of security is an effective approach to identify the weaknesses of database. The architecture should be defined considering database security and network management as a priority. Any failure of database and interference of network could affect the customer personal and financial information.

There are several attributes and factors that needs to be considered for a security evaluation. The primary components to be considered are privacy, operational security, disaster recovery and consistency planning. The above components mentioned should be a part of security portfolio and should be budgeted accordingly. Privacy is the most important component and should be allocated 40% of budget as it makes sure that the consumer information that is sensitive is secure in the database. Operational Securities, Disaster recovery and contingency should be given the other 60% of the budget.

Vestige should define the access and policy control to the parent’s database. A set of users should be defined to assign functionality and privileges per user requirements helps prevent possible cyber threats for a database. Proper assignment of privileges and separating tasks helps scheduling tasks only to authorized users such as providing time limit for accessing the data base and creating data base backups. Also, Role based Access Control (RBAC) should be implemented in the parent database. This RBAC should be able to verify all the input and output transactions by checking the consumers profile in the existing database. The database should define the level of access user has to the existing records and based the records the incoming user profile is validated.

Networking and communication also play an important part in security evaluation. It is required to understand the flow of input and output communication so that proper security and access control procedures can be implemented and vulnerabilities can be analyzed. A simple example would to provide different access roles to a developer and a user to the database. The input requests can be validated in different ways but primarily with headers. The headers contain identification and authentication tokens/ flags that define various properties such as the type of transaction whether it is inbound or outbound. These tokens identify inbound or outbound transaction and prevent unauthorized access by denying the inbound request in case of failure.

The best practices of evaluation of security should include some mandatory selection of tests that include identifying known bugs in the system, device settings, handling privileges and regulatory oversight. This includes following security protocols and keeping the data safe and locked physically along with the data in the data centers. Implementation of firewall and encryption of data should be normal practice to restrict the malware from the data that is transmitted. Firewalls such as SecureSphere and encryption tools such as CertainSafe should be implemented at certain levels to encrypt the entire database and secure it from malicious attacks.

There are many methods and applications to evaluate the security of the database but the major task is to address the database and networking issues. The functionalities that can address this issue are risk management, identifying Denial of attacks (DDOS), disaster recovery , contingency plan.

References:

Crabtree, J., & Sellers, A. (2019). U.S. Patent No. 10,432,660. Washington, DC: U.S. Patent and Trademark Office.

Williams, K. Y. B., & Griffin, J. A. (2019). Better security and encryption within cloud computing systems. In Cloud Security: Concepts, Methodologies, Tools, and Applications (pp. 812-823). IGI Global

Hire a Writer
Calculate your order
Pages (275 words)
Standard price: $0.00
Client Reviews
4.9
Sitejabber
4.6
Trustpilot
4.8
Our Guarantees
100% Confidentiality
Information about customers is confidential and never disclosed to third parties.
Original Writing
We complete all papers from scratch. You can get a plagiarism report.
Timely Delivery
No missed deadlines – 97% of assignments are completed in time.
Money Back
If you're confident that a writer didn't follow your order details, ask for a refund.

Calculate the price of your order

You will get a personal manager and a discount.
We'll send you the first draft for approval by at
Total price:
$0.00
Power up Your Academic Success with the
Team of Professionals. We’ve Got Your Back.
Power up Your Study Success with Experts We’ve Got Your Back.
Order Now Order Now

Order your essay today and save 30% with the discount code ESSAYHELP

Order Now