Lockdown
Cyber Operations and Risk Management
Project 3: Briefing
Objectives
Software assurance.
Key attributes of current SDLC
Software supply chain risks
Vulnerability identification
Software alternate option
Software alternate option evaluation
Recommendation
Recommendation cost
Software assurance
Software assurance refers to guaranteeing confidence that all software services and processes are free from unintentional and intentional exploitable vulnerabilities and software performance is great (Jarzombek, 2012).
Robust security feature helps maintain the integrity of every process being conducted by the software and ensures output is great.
Some software assurance needs in our team are:
Avoid use of unrecommended software development tools
Avoid using software known to have suspicious behavior
Scanning software before installation
Software should have clear steps on how to update it safely.
Key attributes of current SDLC
Software Development Life Cycle (SDLC) is a systematic software design approach that software developers use to produce high-quality software that is easy to maintain.
It plays a great role in ensuring we get a well-designed software that can handle every process securely and as expected.
It has seven steps essential steps which are:
Planning
Analysis phase
Design
Coding
Testing
Deployment
Maintenance
Software supply chain risks
Supply chain involves the distribution of software components from the manufacturer to the final buyer.
Software components come from different vendors and sources, making the supply chain process risky (NIST, 2019).
Risks associated with the software supply chain are:
Introduction of defects to software components.
Software codes with malware codes.
Missing features in the codes.
Counterfeit components
Vulnerability identification
A vulnerability refers to a weakness in a system.
Attackers can exploit a vulnerability to illegally access the systems, corrupt files, delete and steal critical data.
Once a system is attacked, data and process integrity are affected, which means the system users will get inaccurate output.
Some of the existing vulnerabilities in our system were:
Unreliable file scanning techniques
SQL injection
These vulnerabilities exposed the system to various threats such as; ransomware, (DDoS) Distributed Denial of Service, and many more forms of malware.
Software alternate option
It can be challenging to have perfect software hence; alternate options are recommended to eliminate identified software vulnerabilities.
Endpoint security systems implementation.
The systems should have the following features:
Tools such as whitelisting tools
Logging tools
Patching tools
Firewall checking tools
Software alternate option evaluation
Software alternate options aim to ensure the following elements are maintained:
Data integrity,
Confidentiality
Availability
Security systems aim to ensure the software being used is free from malware.
Software product assurance must be available to ensure all components are effectively working securely.
Recommendation
Weekly audits in the following areas.
Network
Software
Supply chain network
Performance.
Recommendation cost
To meet the new recommendation, resources are needed.
Buying of security tools
Auditing process expenses
Training expenses
The recommendations will help:
Mitigate risks
Prevent data leakages
Prevent data loss
Prevent denial of service
References
Jarzombek, J. (2012). Software Assurance: Enabling Security and Resilience throughout the Software lifecycle. Retrieved from https://csrc.nist.gov/csrc/media/projects/forum/documents/2012/october-2012_fcsm-jjarzombek.pd
NIST. (2019). Cyber supply chain risk management. Retrieved from https://csrc.nist.gov/Projects/cyber-supply-chain-risk-management