WEEK5 DQ1
490 wk4 dq1. 100-150 words
Your IT team has been asked to access the risks of an application server upgrade project. Discuss the common sources of risk for this IT project and give suggestions for managing them. Explain why each suggestion will be useful to mitigate risk.
REPLIES. 75-100 WORDS
A Jordan
Hello Class,
In the modern world the accessing applications servers is a common occurrence and thus presents a situations where a high level of emphasis must be placed upon the protection of the applications used. One of the most common risks to applications come in the form of injections (GeeksforGeeks, 2022). An injection entails an attacker injecting a query into the application server from the client side which can allow for them to read, add, update, and delete data as well execute administrator commands for privilege database tasks. Some methods of mitigating injection attacks is through the use of web application firewalls, employee training, and use of validated prevention methods (Hanna & Lewis, 2021). Web Application Firewalls (WAFs) are a tool that is commonly implemented to filter to SQL injection attacks and are constructed using a library of attack signatures that can be set to mark hostile queries that are identified in the application. Another method that is useful in protecting from injection is the use of validated prevision which protects the application via input validation, prepared statements and parameterized queries.
B Chad Pope replied toJordan Ehresman
Hello Jordan,
In my opinion, your answer to this week’s first discussion question is insightful, solid work. I have noticed that those of us in the IT and Cybersecurity industries often focus on the risks inherent in the technology itself, rather than other potential risks of a non-technical nature (i.e., risk typically associated with people or processes). During the course of your research, did you happen to discover any non-technical risks that could impact an application server upgrade? In my experience, project management requires a holistic approach to risk management. In my opinion, the potential issues that could have an impact on the success or failure of a project are not necessarily exclusive to technology. Good work so fat this week. Keep it up.
C Chad Pope
The most common risks associated with an application server upgrade include cybersecurity risks such as malfunctioning or misconfigured access control, cryptographic issues, and injection attacks like cross-site scripting, structured query language injections, and buffer overflow attacks (Donegan, 2020). There are also risks associated with people and processes such as insufficient expertise or poor project management. To manage these potential risks, one should accomplish a risk assessment as part of an overarching risk management program. Each risk should be evaluated qualitatively and quantitatively, if possible, to determine the best way to mitigate the risk. Risk mitigation strategies include remediation of vulnerabilities, transference of risk (usually accomplished via insurance), or acceptance of risk. Risk acceptance is usually done when the risk factor is low, or the cost of remediation exceeds the cost of dealing with the risk in the event of an incident.