CMGT/431: Information Systems Security Wk 4 – Testing and Assessment Strategies Paper

CMGT/431: Information Systems Security Wk 4 – Testing and Assessment Strategies Paper

Assignment Content
  1. Refer to NIST SP 800-53 (Rev. 4) for the 18 candidate security control families and associated security controls.
    Security Assessment must be incorporated into the Software Development Life Cycle (SDLC) in order to be a secure, integrated process. Testing of selected security controls ensures that applications meet business requirements, function as planned, and protect associated data securely from attack. A security assessment of the targeted environment identifies vulnerabilities that may cause a security breach and specifies the security controls that mitigate the vulnerabilities.
    For this assignment, use the organization you chose in Week 1.

    Part I: Mapping Vulnerabilities to Security Controls

    Choose 5 distinct security control families as specified in NIST SP 800-53 (Rev. 4) that are most applicable to your organization’s known vulnerabilities.
    Create a 1-page spreadsheet in Microsoft® Excel® that identifies the following criteria for each family:

    • Control ID
    • Control Name
    • Vulnerability
    • Recommended mitigation (refer to your Week 3 assignment; refine them for this mitigation)
    Part II: Security Controls Testing

    Provide a 2- to 3-page table in Microsoft Word including each family, and describe the testing procedure that will mitigate the vulnerability. Annotate whether the testing procedure is an interview, observation, technical test, or a combination.
    Example of Security Controls Testing Table:


Part III: Penetration Testing and Vulnerability Scanning

Provide a 1-page description of penetration testing and vulnerability scanning processes.
Describe how they are used as part of the organization’s testing and assessment strategy.
Format your citations according to APA guidelines.
Submit your assignment.


Answer Preview……………..

Penetration tests are used by firms to determine the weaknesses in their systems and determine any loopholes that attackers might use to access the system. Vulnerable scans are used to determine the exposures the system has that might lead to system being attacked. The two tests depend on the following factors; cost & time, scope and risk & criticality of assets. Penetration tests require a qualified user to handle it so as to determine all the prevailing attacks…………………………

APA 734 words & Excel file

Share this paper
Open Whatsapp chat
Can we help you?