Two subjects

Operating Sys & App Security - Week 6/Operating Sys & App Security - Week 6.docx

Discussion 1 - 1 page

Application Security Basics

The CIO and the marketing vice president of Nancy's Noodle Factory have been having a heated debate about allowing marketing staff to integrate the company Twitter feed into the company Web site. Nancy Nelson, the CEO and owner of the company, listened to both positions and charges you with figuring out how to meet the marketing department's objectives in a way that accommodates the security concerns of the CIO.

Use the study materials and engage in any additional research needed to fill in knowledge gaps. Discuss the following:

· Describe the Web development controls that you recommend be implemented.

· Explain the security controls that will be used to prevent any part of the Web hosting assets from being compromised.

· Identify auditing strategies that can be followed to ensure that the development and hosting components are following the agreed-upon strategies.

Assignment - 2–3 pages

Application of Software Security Controls

Instructions

Tom Tanner is an external auditor doing an audit on a business line of a multinational corporation. He discovers as part of this audit that this business line was recently acquired by the parent company. The long-term intent is to convert this business to the corporate ERP system; however, the existing ERP system is custom-built software that is maintained by internal developers hired by the business line for this purpose. Tom is accustomed to auditing organizations that use COTS (commercial off-the-shelf) applications that have predictable and determinable vulnerability and version patching controls and procedures. He hires you to function as a subcontractor to audit the security implications of this customized ERP software.

Use the study materials and engage in any additional research needed to fill in knowledge gaps. Discuss the following:

· Describe the security controls that are in place, i.e. controls that mitigate application threats and vulnerabilities, both in terms of the development and the use of the software.

· Describe the role that existing application security policy will play in ensuring that the audit covers the appropriate software development and maintenance controls.

· Explain how to audit the software patching and version control process that is performed internally by the organization.

· Describe how to approach audit recommendations for missing application controls related to a system known to be at the end of its useful lifecycle.

· Apply mitigations that support application security within a specific organization.

At the end of your paper, also include lab screenshots from u06v1 and u06v2.

Additional Requirements

Your assignment should also meet the following requirements:

· Written communication: Written communication is free of errors that detract from the overall message.

· APA formatting: Your paper should demonstrate current APA style and formatting.

· Number of resources: Include a minimum of three resources, appropriately cited throughout your paper and in your reference list.

· Suggested length: 2–3 pages, typed and double-spaced, not including the title page and reference list.

· Font and font size: Times New Roman, 12 point.