ACYB301 UAG The Security Development Life Cycle Essay
Prior to beginning work on this final paper, review the readings from previous weeks, and read or review the following:

- Information Security Handbook: Develop a Threat Model and Incident Response Strategy to Build a Strong Information Security Framework.
  - Chapter 3: Preparing for Information and Data Security
- The System Development Life Cycle (SDLC)
- Information Security Program Life Cycle
- A Complete Guide to the Information Security Lifecycle
- Cheat Sheet 38, Secure SDLC Cheat Sheet, on pages 288 through 292 in the document, OWASP Cheat Sheets.
- Building Security Into the System Development Life Cycle (SDLC): A Case Study

Please Note: The acronym “SDLC” can refer to either security development life cycle, system development life cycle, or software development life cycle. However, the focus of this report is on the security development life cycle as it relates to systems, but be aware that the term may be used differently in this week’s articles.

The final paper will utilize all the skills and concepts you have acquired thus far in the course. You will apply what you know about the security life cycle, along with the other security concepts you have learned, to complete a written report that explains cybersecurity for a fictitious organization.

To complete this assignment, you will use the CYB301 Network Diagram as your starting point, which depicts the current IT infrastructure. After you review the current IT network infrastructure, you will write a report for this fictitious organization, using the security development life cycle to propose a new upgraded IT network infrastructure. You may also use assignments from previous weeks to complete this final paper. Be sure to incorporate the feedback you received from your instructor.

Please make sure to use proper APA 7th edition guidelines. You may use the resource Introduction to APA for help with your APA writing.

The Security Development Life Cycle final paper must include the following items:

Security Development Life Cycle (SDLC) Process (one page):
- Explain (briefly) each phase of the SDLC process as it will be used for an expansion project.
- Include the tasks that should be completed in each phase, as well as any tools or utilities such as Nmap, netstat, or Nessus that would be used to assist.

Risk Assessment (half of a page):
- Describe (briefly) two possible risks, two possible threats, and two possible vulnerabilities to the original IT infrastructure depicted on the CYB301 Network Diagram.
  - Include the domain in which each risk, threat, and vulnerability applies.
- Describe (briefly) two possible risks, two possible threats, and two possible vulnerabilities to the IT infrastructure at the selected organization after the proposed expansion is implemented.
  - Include the domain in which each risk, threat, and vulnerability applies.
- Describe (briefly) the security controls and mechanisms that should be put into place to prevent the new risks, threats, and vulnerabilities you have identified.

Implementing the Risk Management Process (half of a page):
- Propose a plan to implement the risk management process within one domain of the IT infrastructure for your selected organization (after the expansion) by creating a risk register for one domain.
  - Select any of the seven domains.
  - Provide a high-level overview for each component of the risk register.

IT Security Policy Framework (three pages):
- Update the IT security policy framework.
- Part 1: The “Environment” (one paragraph for each bulleted item.)
  - Formulate one organizational goal for the new expansion project.
  - Formulate one organizational objective for the new expansion project.
  - Identify one regulation that would apply to the new expansion.
    - Explain why the regulation applies.
  - Identify one law that would apply to the new expansion.
    - Explain why the law applies.
  - Discuss the shareholders and their interests.
- Part 2: Functional policies
  - Identify a minimum of two functional policies that would need to be implemented for the new expansion.
  - Develop one new functional policy to address one of the policies identified in your list.
- Part 3: Supporting Mechanisms
  - Discuss the industry standards, procedures, baselines, and guidelines related to the policy.

Confidentiality, Integrity, and Availability – CIA Triad (one page):
- Explain the principles of information systems security (confidentiality, integrity, and availability) as these concepts relate to the selected organization.
- Describe the information that needs to be kept confidential, the data that needs to have the validity and accuracy (integrity) maintained, the systems that need to be available, and the uptime that is required by the system.
- Explain (briefly) how the SDLC process will meet the CIA triad requirements.
- Apply the CIA triad to one of the seven domains of the IT infrastructure at the selected organization to create trusted systems.
  - You may select any one of the domains, and any format (Prezi, PowerPoint, outline in Word, or other method) may be utilized to complete this requirement.

The Security Development Life Cycle final paper
- Must be six to eight double-spaced pages in length (not including title and references pages) and formatted according to APA Style 7th edition as outlined in the Writing Center’s APA Style.
- Must include a separate title page with the following:
  - Title of paper (in bold font)
  - Student’s name
  - UAGC
  - Course name and number
  - Instructor’s name
  - Due date
  For further assistance with the formatting and the title page, refer to APA Formatting for Word 2013.
- Must utilize academic voice. See the Academic Voice resource for additional guidance.
- Must use at least five scholarly or credible sources in addition to the TestOut courseware.
  - The Scholarly, Peer-Reviewed, and Other Credible Sources table offers additional guidance on appropriate source types. If you have questions about whether a specific source is appropriate for this assignment, please contact your instructor. Your instructor has the final say about the appropriateness of a specific source for the final paper.
  - To assist you in completing the research required for this assignment, view this Quick and Easy Library Research tutorial, which introduces the UAGC Library and the research process, and provides some library search tips.
- Must document any information used from sources in APA Style as outlined in the Writing Center’s APA: Citing Within Your Paper.
- Must include a separate references page that is formatted according to APA Style as outlined in the Writing Center. See the APA: Formatting Your References List resource in the Writing Center for specifications.