Assignment: Testing And Assessment Strategies Paper
Refer to NIST SP 800-53 (Rev. 4) for the 18 candidate security control families and associated security controls.
Security Assessment must be incorporated into the Software Development Life Cycle (SDLC) in order to be a secure, integrated process. Testing of selected security controls ensures that applications meet business requirements, function as designed, and protect associated data securely from attack. A security assessment of the targeted environment identifies vulnerabilities that may cause a security breach and specifies the security controls to mitigate the vulnerabilities.
For this assignment, use the organization you chose.
Part I: Mapping Vulnerabilities to Security Controls
Choose 5 distinct security control families as specified in NIST SP 800-53 (Rev. 4) that are most applicable to your organization's known vulnerabilities.
Create a 1-page table in Microsoft Word that identifies the following criteria for each family:
• Control ID
• Control Name
• Vulnerability
• Recommended mitigation (refer to your Week 3 assignment; refine them for this mitigation)
• Part II: Security Controls Testing
Provide a 2- to 3-page table in Microsoft Word including each family, and describe the testing procedure that will mitigate the vulnerability. Annotate whether the testing procedure is an interview, observation, technical test, or a combination.
Part III: Penetration Testing and Vulnerability Scanning
Provide a 1-page description of penetration testing and vulnerability scanning processes that would apply to an application that would be used by the organization as part of its critical business processes. For example, an educational institution using a student roster and class registration tracking software would need to scan it for vulnerability and protect the data from hackers and data manipulation.
Describe how they are used as part of the organization's testing and assessment strategy.
Format your assignment according to the following formatting requirements:
1. The answer should be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides.
2. The response also includes a cover page containing the title of the assignment, the student's name, the course title, and the date. The cover page is not included in the required page length.
3. Also include a reference page. The Citations and references should follow APA format. The reference page is not included in the required page length.