Question 1. (3 pages) Microsoft Security Development Lifecycle (SDL) (see https://www.microsoft.com/en-us/sdk) Explain a) what the methodology is, b) how well it addresses security concerns in the life cycle, and c) what the drawbacks are, if any.
Question 2. (3 pages) Five Approaches to Understanding Vulnerability Exposure
Approach 1: Common Attack Pattern Enumeration and Classification (CAPEC)
Approach 2: Common Weakness Scoring System (CWSS)
Approach 3: Common Weakness Risk Analysis Framework (CWRAF)
Approach 4: Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK)
Approach 5: National Vulnerability Database (NVD)
Recommend the best approach to understanding vulnerability exposure when conducting a Cyber Table Top (CTT) exercise within the Department of Defense (DoD).
A) First, identify at least one advantage and disadvantage for each approach
B) Second, rank each on a scale from #1 (Highest) to #5 (Lowest)
C) Next, fully justify your top recommendations
D) Lastly, explain how to improve your #1 approach for proper use in a Cyber Table Top (CTT) exercise
Refer to these resources: https://insidedefense.com/daily-news/dods-dte-shop-encourages-tabletop-exercises-focus-cybersecurity-efforts and https://www.dau.mil/cop/test/DAU%20Sponsored%20Documents/Cybersecurity%20Standard%20Overview%20May%202017%20PRMark.pdf
Question 3. (1 page)
A company develops a new security product using the extreme programming software development methodology — programmers code, then test, then add more code, then test, and continue the iteration. Every day, the code base is tested as a whole. The programmers work in pairs when writing code to ensure that at least two people review the code. The company does not offer any additional evidence of assurance. Explain to the management of this company why their software is NOT highly assured.
Question 4. (1 page)
Five security principles/concepts in software development include least privilege, separation of privilege, fail securely, nonrepudiation, and secure the weakest link. First, briefly describe each, then give a specific example of each in practice, and then finally rank the relative importance of each (#1 highest, #5 lowest). Justify your ranking.