Assignment
• Imagine that you are the IT Security Officer for a large university, and you have been assigned the task of implementing Web security. Propose the key actions that you would take to implement security in order to eliminate single points of failure. Provide a rationale for your response.
• Access control is one of the most important security mechanisms when designing a secure network, website, or data transmission environment. Suggest the approach you would take to apply access control in your environment. Recommend the major actions you would take to ensure that the proper type and level of access control are being used.
• For Web applications, describe the best practices for mitigating vulnerabilities in order to prevent buffer overflow (BO) attacks or SQL injection (SQI) attacks. Give one real-life example of an actual BO or SQI attack, and explain how it was addressed.
• Imagine that you are responsible for the creation of a security policy for credit card data that will ensure PCI compliance in an upcoming audit for your company. Outline what your policy would entail. Provide a rationale for the components of your policy.
• It is important to fully test any Web application under development for functionality, security, and other requirements. Outline the major components you would include in your test plan to make sure that your Web application is secure. Provide a rationale for your test plan components.
• Imagine that you are an IT Security Manager. You want your security team to perform penetration testing as part of vulnerability testing on your current systems, but your CIO wants to hire an outside company to perform the penetration testing. Choose a side and argue for or against hiring an outside company. What are the potential benefits and risks of penetration testing in general?