Write Requirements for Multiple Independent Levels of Security and Include Access Control Concepts and Capabilities

Anonymous
timer Asked: Dec 11th, 2017
account_balance_wallet $125

Question description

I have to Write Requirements for Multiple Independent Levels of Security and Include Access Control Concepts, Capabilities. See Attached Files

This assignment is two tasks of a general project and should be about four to six pages total. Please review the attached scenario of the project and also step eight and nine descriptions. MILS REQUIREMENTS [Integrate information from step 8. Write requirements for multiple independent levels of security (MILS). Include that vendor will be devising prototyping test plans and executing tests against sample databases to determine requirements for access, access control, authentication and security models that define read and write access. Also access to data will be accomplished using security concepts and security models that ensure confidentiality and integrity of data. Best to review access control and authentication. Health care database should have capabilities for MILS. Lastly, include organization plans on expanding user base of the database, web interface, database read, and write and access controls should be built incorporating security models. Before writing the requirement statement review MILS, cybersecurity models and insecure handling. Include in the statement: 1) definitions and stipulations for cybersecurity models; 2) the Biba Integrity, Bell-LaPaula, Chinese Wall Models and any limitations for the application of these models. Include requirement statements regarding vendor’s insecure handling solutions based on the definitions of the security model included in requirements statement.] Step 8: Write Requirements for Multiple Independent Levels of Security The previous step required you to identify operating system security components to support the database. For this step, you will focus on identification, authentication, and access. Since you are determining and incorporating the requirements into the RFP, in your role as SSE, you are also devising prototyping test plans and executing tests against sample databases to determine the requirements for access, access control, identification and authentication, and the security models that define read and write access. Access to the data is accomplished using security concepts and security models that ensure confidentiality and integrity of the data. Refer to access control and authentication to refresh your knowledge. The health care database should have capabilities for multiple independent levels of security (MILS). Your organization plans on expanding the user base of the database, and the web interface and the database read, write, and access controls should be built incorporating security models. To be completed by a designated team member: Write requirement statements for MILS in your database. Include the definitions and stipulations for cybersecurity models, including the Biba Integrity Model, Bell-LaPadula model and and the Chinese Wall model. Indicate any limitations for the application of these models. Review the content of the following resources. As you’re reading, note which cybersecurity models are most beneficial to your database. • • • multiple independent levels of security (MILS) cybersecurity models insecure handling Include requirement statements regarding the vendor’s insecure handling solutions. They are to be accounted for in whatever security model the vendor chooses to incorporate, based on the definitions of the security model that you included with the requirements statement. Include this in the RFP. In the next step, you will consider access control. ACCESS CONTROL REQUIREMENTS [Integrate information from step 9. Include access control concepts, capabilities. Focus on access control. Vendor will need to demonstrate capabilities to enforce to database management systems that includes identification, authentication, access, and authorization. The vendor must identify types of access control capabilities and how they execute access control. Provide requirement statements for vendor regarding access control concepts, authentication, and direct object access.] Step 9: Include Access Control Concepts, Capabilities In the previous step, you wrote requirements for multiple levels of security, including the topics of identification, authentication, and access. In this step, you will focus on access control. The vendor will need to demonstrate capabilities to enforce identification, authentication, access, and authorization to the database management systems. Include requirement statements in the RFP that the vendor must identify, the types of access control capabilities, and how they execute access control. To be completed by a designated team member: Provide requirements statements for the vendor regarding access control concepts, authentication, and direct object access. Include the requirement statement in the RFP. In the next step, you will create a test plan and review your remediation efforts, as well as come up with a report for vendors.
CST620_Project 5: Database Security Assessment (Group Project Case Study) You are a contracting officer's technical representative, a Security System Engineer, SSE, at a military hospital. Your department's leaders are adopting a new medical health care database management system. And they've tasked you to put together a team to create a request for proposal for which different vendors will compete to build and provide to the hospital. A Request For Proposal, or RFP, is when an organization sends out a request for estimates on performing a function, delivering a technology, or providing a service or augmenting staff. RFPs are tailored to each endeavor but have common components and are important in the world of IT contracting and for procurement and acquisitions. To complete the RFP, you must determine the technical and security specifications for the system. You'll write the requirements for the overall system and also provide evaluation standards that will be used in rating the vendor's performance. Your learning will help you determine your system's requirements. As you discover methods of attack, you'll write prevention and remediation requirements for the vendor to perform. Additionally, you'll produce a report detailing a test plan and remediation results. This document will accompany the RFP and will include security guidelines for vendors. You must identify the different vulnerabilities the database should be hardened against. You have a good relationship with the vendors in determining these requirements for the procurement. You'll work in partnership in your teams to define test protocol of the database management system and to devise remediation. These results will be incorporated into the test plan and remediation results and will also be part of the RFP. Work in partnership teams to test and validate the remediation and attacks and to create the RFP.
This assignment is two tasks of a general project and should be about four to six pages total. Please review the attached scenario of the project and also step eight and nine descriptions. MILS REQUIREMENTS [Integrate information from step 8. Write requirements for multiple independent levels of security (MILS). Include that vendor will be devising prototyping test plans and executing tests against sample databases to determine requirements for access, access control, authentication and security models that define read and write access. Also access to data will be accomplished using security concepts and security models that ensure confidentiality and integrity of data. Best to review access control and authentication. Health care database should have capabilities for MILS. Lastly, include organization plans on expanding user base of the database, web interface, database read, and write and access controls should be built incorporating security models. Before writing the requirement statement review MILS, cybersecurity models and insecure handling. Include in the statement: 1) definitions and stipulations for cybersecurity models; 2) the Biba Integrity, Bell-LaPaula, Chinese Wall Models and any limitations for the application of these models. Include requirement statements regarding vendor’s insecure handling solutions based on the definitions of the security model included in requirements statement.] Step 8: Write Requirements for Multiple Independent Levels of Security The previous step required you to identify operating system security components to support the database. For this step, you will focus on identification, authentication, and access. Since you are determining and incorporating the requirements into the RFP, in your role as SSE, you are also devising prototyping test plans and executing tests against sample databases to determine the requirements for access, access control, identification and authentication, and the security models that define read and write access. Access to the data is accomplished using security concepts and security models that ensure confidentiality and integrity of the data. Refer to access control and authentication to refresh your knowledge. The health care database should have capabilities for multiple independent levels of security (MILS). Your organization plans on expanding the user base of the database, and the web interface and the database read, write, and access controls should be built incorporating security models. To be completed by a designated team member: Write requirement statements for MILS in your database. Include the definitions and stipulations for cybersecurity models, including the Biba Integrity Model, Bell-LaPadula model and and the Chinese Wall model. Indicate any limitations for the application of these models. Review the content of the following resources. As you’re reading, note which cybersecurity models are most beneficial to your database. • • • multiple independent levels of security (MILS) cybersecurity models insecure handling Include requirement statements regarding the vendor’s insecure handling solutions. They are to be accounted for in whatever security model the vendor chooses to incorporate, based on the definitions of the security model that you included with the requirements statement. Include this in the RFP. In the next step, you will consider access control. ACCESS CONTROL REQUIREMENTS [Integrate information from step 9. Include access control concepts, capabilities. Focus on access control. Vendor will need to demonstrate capabilities to enforce to database management systems that includes identification, authentication, access, and authorization. The vendor must identify types of access control capabilities and how they execute access control. Provide requirement statements for vendor regarding access control concepts, authentication, and direct object access.] Step 9: Include Access Control Concepts, Capabilities In the previous step, you wrote requirements for multiple levels of security, including the topics of identification, authentication, and access. In this step, you will focus on access control. The vendor will need to demonstrate capabilities to enforce identification, authentication, access, and authorization to the database management systems. Include requirement statements in the RFP that the vendor must identify, the types of access control capabilities, and how they execute access control. To be completed by a designated team member: Provide requirements statements for the vendor regarding access control concepts, authentication, and direct object access. Include the requirement statement in the RFP. In the next step, you will create a test plan and review your remediation efforts, as well as come up with a report for vendors.
CST620_Project 5: Database Security Assessment (Group Project Case Study) You are a contracting officer's technical representative, a Security System Engineer, SSE, at a military hospital. Your department's leaders are adopting a new medical health care database management system. And they've tasked you to put together a team to create a request for proposal for which different vendors will compete to build and provide to the hospital. A Request For Proposal, or RFP, is when an organization sends out a request for estimates on performing a function, delivering a technology, or providing a service or augmenting staff. RFPs are tailored to each endeavor but have common components and are important in the world of IT contracting and for procurement and acquisitions. To complete the RFP, you must determine the technical and security specifications for the system. You'll write the requirements for the overall system and also provide evaluation standards that will be used in rating the vendor's performance. Your learning will help you determine your system's requirements. As you discover methods of attack, you'll write prevention and remediation requirements for the vendor to perform. Additionally, you'll produce a report detailing a test plan and remediation results. This document will accompany the RFP and will include security guidelines for vendors. You must identify the different vulnerabilities the database should be hardened against. You have a good relationship with the vendors in determining these requirements for the procurement. You'll work in partnership in your teams to define test protocol of the database management system and to devise remediation. These results will be incorporated into the test plan and remediation results and will also be part of the RFP. Work in partnership teams to test and validate the remediation and attacks and to create the RFP.

Tutor Answer

LESTER_PRO
School: Rice University

almost done
Attached.

Running head:

Database Security Assessment

A Request for Proposal for new medical health care database
By
Security System Engineer Student’s name
Date: December 12, 2017

1

A Request For Proposal for new medical health care database

2

Table of Contents
Description .................................................................................................................................................... 3
Introduction ................................................................................................................................................... 3
System Requirements.................................................................................................................................... 3
MILS requirements ................................................................................................................................... 4
Cyber Security Models ............................................................................................................................. 6
i.

Bell-La Padula (BLP) model......................................................................................................... 6

ii.

Biba model .................................................................................................................................... 6

iv.

Chinese wall Model .................................................................................................................. 7

A Request For Proposal for new medical health care database

3

Description
As a security System engineer...

flag Report DMCA
Review

Anonymous
Goes above and beyond expectations !

Similar Questions
Hot Questions
Related Tags

Brown University





1271 Tutors

California Institute of Technology




2131 Tutors

Carnegie Mellon University




982 Tutors

Columbia University





1256 Tutors

Dartmouth University





2113 Tutors

Emory University





2279 Tutors

Harvard University





599 Tutors

Massachusetts Institute of Technology



2319 Tutors

New York University





1645 Tutors

Notre Dam University





1911 Tutors

Oklahoma University





2122 Tutors

Pennsylvania State University





932 Tutors

Princeton University





1211 Tutors

Stanford University





983 Tutors

University of California





1282 Tutors

Oxford University





123 Tutors

Yale University





2325 Tutors