2. Given the following results of a gap analysis (based on OpenSAMM) of where a software vendor is currently and where they want to be, list the activities for each of the three security practice areas that would enable them to achieve their goal. 0+ Design Review 2 0+ Code Review 3 Security Testing

2. Given the following results of a gap analysis (based on OpenSAMM) of where a software vendor is currently and where they want to be, list the activities for each of the three security practice areas that would enable them to achieve their goal. 0+ Design Review 2 0+ Code Review 3 Security Testing

Management Of Information Security

6th Edition

ISBN:9781337405713

Author:WHITMAN, Michael.

Publisher:WHITMAN, Michael.

Chapter5: Developing The Security Program

Section: Chapter Questions

Problem 1E

See similar textbooks

Similar questions

A security framework may help with the design and implementation of a security infrastructure, but how? What are the main differences between information security governance and other forms of government in this area? Exactly who inside the company should be tasked with coming up with plans for such an event?
Given the following results of a gap analysis (based on OpenSAMM) of where a software vendor is currently and where they want to be, list the activities for each of the three security practice areas that would enable them to achieve their goal.
1- to 2-page Security Assessment Plan Worksheet Wk 3 – Assignment Template Security Assessment Plan Worksheet Using the Assignment Scenario, complete the following worksheet. Description of VulnerabilitySecurity Control Number and NameSecurity Control TypeSystem Categorization for Risk Level ImpactLast Assessment InformationAssetAssessment MethodPolicy Alignment<Describe the vulnerability><List the Security Control name and number><Common, System-Specific, Hybrid><High, moderate, or low><Identify any security assessments from the past><Describe the asset that will be tested><Identify at least one way you can test this asset><Indicate what security policy aligns with the asset>
The following examples demonstrate how a security framework may be of assistance in the planning and execution of a security infrastructure. Exactly what do we mean when we talk about information security governance, and how does it work? Who inside the organization need to be in charge of making the necessary preparations?
What are the similarities and differences between Microsoft's Security Development Lifecycle (SDL) and the SDLC? Do you think that the SDLC could be improved using some of the features of the SDL, and if so, which ones and why? The proponents of agile methodologies claim that the traditional SDLC suffers from a lack of predictability, or rather that development according to SDLC tries to predict a system's needs. How do agile methodologies approach this problem?
Please provide an outline for the actions that would be required for each of the three security practice areas in order for them to accomplish their objective based on the following findings of a gap analysis (based on OpenSAMM) of where a software provider is now and where they want to be.
How can a security framework aid in security infrastructure design and implementation? Information security governance is unique. Should someone in the organization organize such an event?
Post a link to an article, or information resource regarding security monitoring or monitoring tools that can be used in an Industrial Control environment. Explain what issues do you find most relevant in the article or tools you have identified, and what considerations you think should be made when deploying security monitoring tools in an industrial environment. Are the tools the same? Is there recommendations specific for ICS environments?
Describe how each idea contributes to the creation of security tools that may be used to implement desired security standards in enterprises.
How precisely can a security framework help in the planning and implementation of a security infrastructure? As compared to other forms of governance, information security governance stands out due to its unique characteristics. Is there a person or group inside the company who should be responsible for making contingency plans?
Examples of how a security framework may assist with security infrastructure design and implementation are shown below. The definition and workings of information security governance are unclear. When it comes to planning ahead, who in the company should be in charge?
A company planned to expand the Information Management & Security faculty of the business organisation and offered you the position of Information Systems & Security Auditor. Your role among other things is to ensure that the organisation’s systems and all IT Infrastructure comply with all known global Information Systems and Security Standards. As a security measure, the organisation is required to ensure that its Information Systems infrastructure, procedures and processes comply, and are properly registered with International Standards organisations like the ISO, among others. The business intends to always ensure that all systems and infrastructure are well protected and have acquired a high level of resilience in the event of a cyberattack of any kind or any act of fraud that may be attempted on the organisation as a prime target either by internal or external perpetrators. QUESTION 1.1 Based on the above scenario, break down the information security audit function into…