Question 1. (3 pages) Microsoft Security Development Lifecycle (SDL) (see https:/Avvvw.microsoft.com/en-us/sdk) Explain a) what the methodology is, b) how well it addresses security concerns in the life cycle, and 3) what the drawbacks are, if any.
Question 2. (3 pages) Five Approaches to Understanding Vulnerability Exposure
Approach 1: Common Attack Pattern Enumeration and Classification (CAPEC) Approach 2: Common Weakness Scoring System (CWSS) Approach 3: Common Weakness Risk Analysis Framework (CWRAF) Approach 4: Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) Approach 5: National Vulnerability Database (NVD)
Recommend the best to understanding vulnerability exposure when conducting a Cyber Table Top (CTT) exercise within the Department of Defense (DoD)
A) First, identify at least one advantage and disadvantage for each approach B) Second, rank each on a scale from #1 (Highest) to #5 (Lowest) C) Next, fully justify your top recommendations D) Lastly, explain how to improve your #1 approach for proper use in a Cyber Table Top (CTT) exercise
Refer to this resource: https://insidedefense.com/daily-news/dods-dte-shop-encourages-tabletop-exercises-focus-cybersecurity-efforts and https://www.dau.mil/cop/test/DAU%20Sponsored%20Documents/Cybersecurity%20Standard%200verview%20May%202017%20PRMark.pdf).
Question 3. (1 page)
A company develops a new security product using the extreme programming software development methodology — programmers code, then test, then add more code, then test, and continue the iteration. Every day, the code base is tested as a whole. The programmers work in pairs when writing code to ensure that at least two people review the code. The company does not offer any additional evidence of assurance. Explain to the management of this company why their software is NOT highly assured.
Question 4 (1 page)
Five security principles/concepts in software development include least privilege, separation of privilege, fail securely, nonrepudiation, and secure the weakest link. First, briefly describe each, then give a specific example of each in practice, and then finally rank the relative importance of each (#1 highest, #5 lowest). Justify your ranking.
