Application security

profilereddy143
ApplicationSecurity.docx

ISOL534-50-51 Application Security: Request for Proposal (RFP) Form

Table of Contents

ISOL534-50-51 Application Security: Request for Proposal (RFP) Form 1 Introduction 3 Access control Problem Statement 3 Purpose Statement 4 Scope Statement 4 Impact assessment 4 Budget /Financial Assessment 5 High-Level Functional Requirements 5 Business Benefits 6 Special Issues or Constraints 6 Conclusion 6 References 7

Introduction

Poor security policies in business result in disastrous impacts for both the organization and the clients. Since most businesses are dependent on technology to execute most of their functions, then digital security is becoming a significant concern for every organization (Fowler, 2016). Addressing the issues and security patterns of our system will tremendously improve the systems' confidentiality and integrity to avoid incidences of data breaches to the company and the customers of the organization. Data breaches cause is either intentional or unintentional release of the confidential information to the untrusted parties for malicious gains (Hammouchi et al., 2019).

The proposal will formulate various steps that will be taken to mitigate the risks infiltration into the organizational information technology infrastructure. The steps will reduce the data breach incidences into the system to enhance systems security and data confidentiality (Hammouchi et al., 2019). The process will ensure that the customers have trust in the company’s system and feel secure that their data won’t be accessed by unauthorized parties. Furthermore, the steps will minimize the financial losses accruing from such data breaches and data recovery.

Access control Problem Statement

The company has been experiencing frequent data breaches over the past few months. The major cause of such data breaches is due to poor security policies. There are negative consequences due to the breaches such as significant revenue losses almost up to 50% of the annual revenues (Fowler, 2016). Furthermore, the breaches have damaged the firm’s reputation as some of the customers feel insecure with their data and migrate to the company’s competitors that have effective systems. Poor policy implementations on the security systems of the firm have permitted the hackers and cybercrimes the opportunity of gaining unauthorized access into the system to steal confidential information. Furthermore, in some instances, they have manipulated the systems codes for their malicious gains.

Purpose Statement

The proposal will aim to formulate and implement policies to strengthen the access controls of the systems. Further, the company is required to adopt modern technologies that are efficient to assist the companies in mitigating the incidences that are associated with data breaches. Also, it is critical to design business continuity plans and disaster recovery plans to ensure that the primary business operations run smoothly in case there are incidences of data breaches.

Scope Statement

The proposal will analyze all the systems and their access controls to ascertain their levels of security. Auditing the system will ensure that the system administrators understand the strengths and weaknesses of the firms. Identification of the system weaknesses will assist the systems administrators to formulate the strategies that will be appropriate for the system (Kennerly, 2018). Furthermore, they will analyze the technologies `used to understand whether they are appropriate to restrict and support the system effectively from the hacker's operations.

Impact assessment

It is a structured process that is applied to evaluate the impacts for the users and their environment in the process of modifying the proposals. The process will be applied at every level of decision making during the policy formulations. The process will be conducted to ensure that there is conformance with the applicable policy needs for privacy (Kennerly, 2018). Furthermore, it will identify and analyze the risks associated with privacy breaches and their impacts. Finally, the impact assessment process will be applied to identify the most appropriate privacy controls that will be utilized to mitigate unacceptable risks in case they occur. Therefore, the process must be conducted to ensure that all the processes within the system have been evaluated and the way they might affect the privacy of the system.

Budget /Financial Assessment

The project will consume a significant amount of money. The funds might seem a lot but in the long run, it will be economical. Funds will be

Name

Amount

Auditor

$50,000

New technologies

$200,000

High-Level Functional Requirements

System security requirements

System security functions

System functions reliability

Layered security system

Authentication processes

Failure system components tolerance

Fault recovery

Error tolerance

Effective policies

Policy assessment

Mass awareness of the systems

Frequent change in passwords

Strong passwords

System fault tolerance

Reliability assessment

System recoverability

Reliability assessment

Authentication failure operation

Authentication failure mechanism

Business Benefits

The proposal will be geared to reduce data breaches and unauthorized entry by hackers. The process will ensure only authorized users gain the required information. Further, the clients of the company will gain trust in the company’s system which will attract more customers translating to more revenues for the company to attain its set goals and objectives ("US Health Data Breaches," n.d).

Special Issues or Constraints

It is crucial to consider various aspects when performing security audits. The auditor must possess the required knowledge to perform the process. Furthermore, it is essential to engage the stakeholders to air their opinions on the targeted system. The process will ensure the effective formulation of policies.

Conclusion

Digital security is becoming a significant concern for every organization. Addressing the issues and security patterns of our system will tremendously improve the systems' confidentiality and integrity. The proposal will formulate various steps that will be taken to mitigate the risks infiltration. The steps will reduce the data breach incidences into the system significantly. Poor policy implementations on the security systems of the firm permit data breaches

References

Fowler, K. (2016). An Overview of Data Breaches. Data Breach Preparation and Response, 1-26. https://doi.org/10.1016/b978-0-12-803451-4.00001-0

Hammouchi, H., Cherqi, O., Mezzour, G., Ghogho, M., & Koutbi, M. E. (2019). Digging Deeper into Data Breaches: An Exploratory Data Analysis of Hacking Breaches Over Time. Procedia Computer Science, 151, 1004-1009. https://doi.org/10.1016/j.procs.2019.04.141

Kennerly, E. (2018). Privacy and the Internet: Can Massive Data Breaches be Stopped?

US Health Data Breaches. (n.d.). Wolfram Research Data Repository. https://doi.org/10.24097/wolfram.69604.data

7