Part 1: 500 words
Provide your thoughts and understanding of requirements:
1. Who consumes requirements?
2. Getting security requirements implemented.
3. Why do good requirements go bad?
Part 2: 600 words (midterm assignment attached for reference).
Your midterm project was to provide a security assessment for [X], an online software company that specializes in selling ad space in its parent company’s magazine. [X] manages an online database that allows its customers to upload and pay for their business ads for magazine placement. Because [X]’s database needs to connect to the parent company’s database, the parent company has requested that [X]’s system be assessed and verified as secure.
Now that you have provided your security assessment, the next step is to provide [X] with your Security Portfolio. Using this week’s Reading on the NIST framework that includes the 5-step process for creating a balanced portfolio of security products, your assignment will be to create a Security Portfolio with the following sections:
(Note: [X] can be any company and any line of business)
1. Cover Page (i.e., APA title page)
2. Background (provide a synopsis of your midterm security assessment on Vestige)
3. For each security need identified (or that needs to be identified) from your Midterm Assignment, find the products that will deliver the needed capabilities for the right price, and tell why you chose each product.
Running Head: Security Architecture & Design.
Assessment and verification of company system
Vijay Kumar Karumanchi
University of Cumberland’s
Bertrand, Brian
In essence, a database security assessment measures a database’s current vulnerability. It evaluates a dataset’s vulnerability to a collection of known security issues and attack scenarios. The dataset analysis identifies the customer database’s strengths and weaknesses. Experts suggest strengthening the weak points and building on that foundation. Primarily, a database security assessment determines a database’s vulnerability at a given moment.
Many assessments may not dive deep enough into the database to verify flaws. Consider the xp_sprintf buffer overflow in SQL Server: an attacker may use xp_sprintf to make the server fail or to gain control of it. In addition, a list of vulnerabilities alone cannot be implemented. There is no way executives could fix every flaw on the list in order (50.ibm, 2020).
Software security testing should cover the following areas: system flaws found, device options, privilege handling, external objects, and regulating. The most common interpretation is that you will contribute to maintaining the database in a secure, closed environment where security procedures are in place to prevent unauthorized persons from accessing the information stored therein. For this kind of data storage, it is also essential to keep the dataset on a separate physical device that is not linked to the computers that operate the program or to the data centers (50.ibm, 2020).
Physical devices of this kind stop information from being made publicly accessible over the internet, and a firewall will protect the database server from central database security flaws and secure the database servers. However, the only traffic authorized must originate from certain users or data centers that need access to this kind of information to function correctly. Consequently, the firewall will prevent the server from processing outbound traffic until the server fulfils a specified criterion, which will take time.
To secure backup tapes, it is important to make sure the tapes are encrypted and to keep them separate from the decryption keys; many businesses now encrypt data stored on tapes as standard practice. According to the developers, users will also benefit from the software’s guidance in determining whether or not to share their account information. It will also highlight any customer accounts that have been recorded in the revenue statement without their consent (50.ibm, 2020).
A Database Activity Monitoring tool may assist with this by providing monitoring that is independent of basic SQL dredging and auditing; it may also be able to assist with administering administrative responsibilities, which is not currently available. Following these recommendations, you may use any or all of the tools and methodologies listed above to analyze a database’s security and make the database both secure and easy to share with other people (techopedia, nd).
With proper monitoring, we can recognize when an account has been hacked or compromised, when an employee is behaving strangely, or when data or sensitive information has been leaked. It will also assist users in determining whether or not their accounts are trading accounts. It will notify users if their charges are included in the income statement without their knowledge or permission (NCES, nd). Data Warehouse Activity Monitoring tools provide monitoring that is separate from basic SQL dredging and auditing, and they also assist with the administration of administrative activities. Using any of these tools or programs to assess the security of a database is a good idea, and following the recommendations above may help make the database more secure and accessible to all users and administrators.
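The sketch below is an added example, not part of the original assignment or of any product it cites. It shows the kind of review a database activity monitor performs outside the database's own auditing: it flags connections from unapproved sources, calls to xp_sprintf, and unusually large reads by one account. The allow-listed network, the row limit, the account names and the audit events are all constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed policy values for this example, not taken from the page.
ALLOWED_SOURCES = [ipaddress.ip_network("10.20.0.0/24")]  # approved app servers
ROW_LIMIT_PER_USER = 5000                                 # rows read per review window
RISKY_PROC = re.compile(r"\bxp_sprintf\b", re.IGNORECASE)

# Constructed audit events: (timestamp, db_user, source_ip, rows_returned, statement)
EVENTS = [
    ("2022-01-28T09:14:02", "ads_app", "10.20.0.15", 12,
     "SELECT id, title FROM ads WHERE customer_id = 41"),
    ("2022-01-28T09:15:40", "ads_app", "10.20.0.15", 1,
     "UPDATE ads SET paid = 1 WHERE id = 977"),
    ("2022-01-28T23:02:11", "report", "10.20.0.22", 4800, "SELECT * FROM customers"),
    ("2022-01-28T23:02:59", "report", "10.20.0.22", 4800, "SELECT * FROM payments"),
    ("2022-01-28T23:10:05", "dba_tmp", "203.0.113.7", 0,
     "EXEC master..xp_sprintf @buf OUTPUT, '%s', @arg"),
]

def source_allowed(ip):
    """True when the client address falls inside an approved network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ALLOWED_SOURCES)

def review(events):
    """Return a list of (timestamp, db_user, finding) alerts."""
    alerts = []
    rows_by_user = defaultdict(int)
    for ts, user, ip, rows, stmt in events:
        if not source_allowed(ip):
            alerts.append((ts, user, "connection from unapproved source " + ip))
        if RISKY_PROC.search(stmt):
            alerts.append((ts, user, "call to extended procedure xp_sprintf"))
        before = rows_by_user[user]
        rows_by_user[user] += rows
        # Alert once, on the event that pushes the account over the limit.
        if before <= ROW_LIMIT_PER_USER < rows_by_user[user]:
            alerts.append((ts, user, "bulk read: %d rows in window" % rows_by_user[user]))
    return alerts

if __name__ == "__main__":
    for alert in review(EVENTS):
        print(*alert, sep="  ")
```

Each alert names the account and the time, so a reviewer can prioritize follow-up instead of working through a flat list of findings.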
References
Www-356.ibm.com. (2020). Database Security Assessment. Accessed 28th January 2022, from https://www-50.ibm.com/partnerworld/gsd/showimage.do?id=24046
NCES. (nd). Security Management. Accessed 28th January 2022, from https://nces.ed.gov/pubs98/safetech/chapter4.asp
Techopedia. (nd). Database Activity Monitoring (DAM). Accessed 28th January 2022, from https://www.techopedia.com/definition/30937/database-activity-monitoring-dam