Scenario:
UNFO traditionally has been a brick-and-mortar retailer, and the management has experienced associated business risks such as employee theft and shoplifting. However, as the organization moves into the e-commerce model, new risks will be introduced to the organization. As the information security analyst, it will be your role to summarize the business impact of these new risks, the motivating factors behind exploiting vulnerabilities, and how the risks can be mitigated.
Tasks:
Prepare an executive summary report for presentation to the senior management to assist the team in understanding IT security risks associated with an e-commerce model. Additionally, the senior management team will need to use the report as guidance for determining a budget allocation for hiring new IT professionals who will implement the e-business model and design the web applications using the Software Development Life Cycle (SDLC). Also discuss how this team can make this process secure and thus greatly reduce the risk of having exploitable web applications. Your report should cover the following points.
Through the given scenario of UNFO, identify the weaknesses and vulnerabilities associated with creating web applications for the proposed Web platform using the SDLC process. To do so, you must:
1. Research and classify common weaknesses and attacks associated with e-commerce and social networking applications.
2. Identify the motivation for potential attacks and summarize the importance of identifying them early in the development or implementation process.
3. Identify the roles such as System administrator, developer, security engineer, and quality assurance analyst for each classification.
4. Explain the business impacts of a successful exploit on a Web application's weakness.
5. Identify resources to create secure coding policy and guidelines.
6. Explain how to introduce security into the SDLC.
7. Recommend revisions to the control process.
8. Identify the techniques or processes for software developers to review their source code.
Executive Summary
Carrie Smith
UNFO Information Security Analyst
Introduction:
Identify the Current UNFO Situation based on the Scenario. Describe the purpose of the paper and its goal to inform Senior management.
Risks:
Identify weaknesses of the e-commerce environment as it pertains to UNFO.
Describe common attacks associated with the e-commerce and network applications that UNFO will use for their business.
Motivation for Attacks:
Describe why hackers would attack UNFO.
Explain why some unscrupulous companies would attack UNFO.
Personnel Roles:
System Administrator:
Developer:
Security Engineer:
Quality Assurance Analyst:
Business Impact on UNFO if Attack Successful:
Summarize the impacts in this section.
Software Security Team:
Identify Members.
Describe mission of the team as it pertains to UNFO.
Control Processes for the SLDC:
List the stages of the SLDC and the Security requirements for each process. Summarize-do not copy from the book.
Explain UNFO's role in this process.
Reviewing Source Code:
Input Validation:
Encryption:
Data Security:
Authentication Procedures:
Error Handling:
Summary:
Summarize all thoughts above as it pertains to UNFO.