(First essay)
Corporate Risk
Identify three of the biggest risks that corporations must confront from intruders/hackers. Provide three recommendations about how employees can guard against these attacks.
=======================
(Second essay)
Threat Mitigation
Threats to applications or software require mitigation. Mitigation can be accomplished in four ways: redesign to eliminate vulnerability, apply a standard mitigation, invent a new mitigation, or accept the vulnerability.
=======================
(Third essay)
Applying STRIDE to Identify Threats
Regardless of which SDLC model is used, the security requirements and constraints must be determined before the product can be built. Security design follows a threat model that is developed based on what is known about the system/application design and architecture. Based on the following scenario, utilize STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege) to identify possible threats against the system.
Scenario:
You have been asked to design a Web-based User Feedback System. Users will be required to register in the system prior to first-time use. Users can then log in using the self-selected username and password. Users will be able to enter feedback comments and then log off the system.
=======================
(Fourth essay)
Nondisclosure (NDA)
Describe the processes involved in the implementation of access control methods for employees, remote employees, customers, and business partners. Discuss the differences in access control levels and the elements that should be considered when determining the appropriate access level.