Security architecture and design
6/28/2020 Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReport/ultra?attemptId=0ad4b87b-4851-442d-9610-7be384043f… 1/5
%32
%24
%2
SafeAssign Originality Report Summer 2020 - Security Architecture & Design (ISOL-536-51) - Full Te… • Midterm Project Paper
%57Total Score: High riskShiv Kumar Banala Submission UUID: 481a5b6c-0e31-e094-47f8-c79a24945a12
Total Number of Reports
1 Highest Match
57 % Midterm.docx
Average Match
57 % Submitted on
06/28/20 12:00 PM EDT
Average Word Count
1,043 Highest: Midterm.docx
%57Attachment 1
Internet (5)
detoxtechnologies riskwatch techtarget
alc-group wikipedia
Global database (1)
Student paper
Institutional database (1)
Student paper
Top sources (3)
Excluded sources (0)
View Originality Report - Old Design
Word Count: 1,043 Midterm.docx
4 5 3
1 6
2
7
2 Student paper 4 detoxtechnologies 5 riskwatch
6/28/2020 Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReport/ultra?attemptId=0ad4b87b-4851-442d-9610-7be384043f… 2/5
Source Matches (13)
Midterm 1
Midterm 6
ISOL 536
Security Architecture & Design
University of the Cumberland’s
Professor
Dr. James Hyatt
Tools are limited to basically finding vulnerabilities or potentially using a fixed method to provide an estimate of security exposure based on the answers to
some very general questions to give you a number that’s supposed to represent your risk exposure (Dalton & Osmanoglu, 2017). Before you start any kind of security risk assessment, you need to understand very clearly what is the purpose of the risk assessment, and, if you’re trying to do anything other than an inherent risk assessment, you need to have some good information about the existing control environment. There are several methodologies for conducting security assessments, but SABSA is mostly preferred. The primary difference with SABSA vs. other methods is the granularity it gives you along with the ability to identify potential
systemic risk interactions. The objective of SABSA is to ensure you have an overall, architected approach to risk management that lives and breathes with the business, so the risk assessment is only one piece of the puzzle. That said, the use of attributes, formalized definitions for different security zones potentially impacted by various risks and a robust framework for defining and tracking dependencies gives you a much better chance to reduce the subjectivity of your risk assessments. Once completed, the results of the assessment are directly usable for ensuring you have direct traceability from business needs to ultimate security control selections in addition to full traceability from controls to the business objectives they support all the way through a layered security architecture. Any tools you have are only as good as the methodology you use to ultimately contextualize the information security assessment results in business terms so that it’s easy to make the right decisions. The better and more business-focused the risk assessment methodology, the less work needs to be done to enable business risk owners to make the right risk management decisions. For an effective security assessment, the following tools are needed: AppScan: This is one of the best web application
security testing tools. It is a dynamic analysis testing tool designed for security experts and penetration testing experts to use when performing security tests on
web applications. Nmap: This is a network auditing tool. It is used to detect network activities as well as detects the open ports on the host. Nessus: This is a
remote security scanning tool used during vulnerability assessment and penetration testing. Nessus scans for vulnerabilities on Windows and UNIX systems, these qualities make this tool all-rounder. This tool is best for security testing teams and penetration experts. Metasploit: Metasploit is a very popular hacking and
penetration testing tool. It is a penetration testing framework which makes finding vulnerabilities very easy. Metasploit is often used to test remote systems vulnerability. Metasploit finds security issues, verify vulnerability mitigations & manages security assessments. There are several mistakes people make when preparing for a security assessment task. The first mistake is lack of vision, the moment a security team is sent out to conduct a security assessment without any plans or objectives they always fail in conducting this exercise. The second mistake is letting compliance getting in their way, most of the time compliance laws causes more damage than good when implementing security measures. To avoid this, security team should avoid more laws in order to be effective in risk assessment. Bad reporting is another mistake, reporting should always focus on providing a solution not just focus on the problem. When a security team are more focused mistakes they find during assessment then security assessment process will be of no good. Organization risk tolerance plays a huge role during risk assessment, it defines the amount of risk an organization is willing to take on the system during assessment. In an event the system under assessment expose the organization to high risks such as downtime then the process must be stopped (Chilamkurti, 2019). If the assessment process cost the organization more than its benefits then the process must be reviewed. System under assessment should cause minimum distraction within the organization. Organization tolerance measures the benefits against cost of assessment and determine whether the process should be carried out or not. If the system possess some risks then assessment must be carried out. It’s recommended to start your assessment process with identifying the asset you are assessing (a facility, a system, etc.) and determine relevant industry standards or regulations. From there, take a look and see what your unique processes or needs are that aren’t already addressed. Then, you’ll determine your risk based on
custom scales and metrics that make the most sense for your business, including asset value, likelihood of the risk occurring, impact of the risk, and any third-party data.
1
2
2
3
4
4 4
4
5
Through your selected content, you’ll be able to identify security gaps after speaking with key personnel that can provide information on the system, policy, task, etc. that you’re addressing. You’ll then be able to offer recommendations and assign tasks to personnel to close security gaps and improve risk scores
(Ramachandran, 2018). It’s also crucial to create reports that analyze risk across your assets and track what risks were identified and what steps were taken to mitigate those risks. This makes it easier to show how risk is reducing or compliance is improving over time as you perform your next assessment, and also to be able to provide evidence of your assessment in case of an audit. Architecture representation diagram would be utilized to show the connection between various elements. Generally they are made for frameworks which incorporate hardware and applications and these are represented in the graph to show the association between them. Be that as it may, it can likewise be made for web applications. For an internet applications, architecture design configuration will comprise various components such as database, application server, web server, internet applications and so on. Not only can this graph elements are applicable, different parts as well be incorporated.
Reference
King, Dalton & Osmanoglu, T. E. (2017). Security architecture: Design, deployment, and operations. McGraw-Hill/Osborne Media. Ramachandran, J. (2018). Designing security architecture solutions. John Wiley & Sons. Chilamkurti, N. (2019). Security, design, and architecture for broadband and wireless network
technologies. IGI Global.
5
6 7
6/28/2020 Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReport/ultra?attemptId=0ad4b87b-4851-442d-9610-7be384043f… 3/5
alc-group 65%
Student paper 75%
Student paper 86%1
Student paper
Security Architecture & Design
Original source
Security Services Architecture
2
Student paper
Tools are limited to basically finding vulnerabilities or potentially using a fixed method to provide an estimate of security exposure based on the answers to some very general questions to give you a number that’s supposed to represent your risk exposure (Dalton & Osmanoglu, 2017).
Original source
The assessment tools are limited to basically finding vulnerabilities or potentially using a fixed method to provide an estimate of information security exposure based on the answers to some very general questions asked to the company’s employee
2
Student paper
other methods is the granularity it gives you along with the ability to identify potential systemic risk interactions. The objective of SABSA is to ensure you have an overall, architected approach to risk management that lives and breathes with the business, so the risk assessment is only one piece of the puzzle. That said, the use of attributes, formalized definitions for different security zones potentially impacted by various risks and a robust framework for defining and tracking dependencies gives you a much better chance to reduce the subjectivity of your risk assessments. Once completed, the results of the assessment are directly usable for ensuring you have direct traceability from business needs to ultimate security control selections in addition to full traceability from controls to the business objectives they support all the way through a layered security architecture.
Original source
The primary difference with this and other methods is the granularity it gives you along with the ability to identify potential systemic risk interactions The objective of the report is to ensure the company has an overall, architected approach to risk management that lives and breathes with the business, so the risk assessment is only one piece of the puzzle That said, the use of attributes, formalized definitions for different security zones potentially impacted by various risks and a robust framework for defining and tracking dependencies gives you a much better chance to reduce the subjectivity of your risk assessments Once completed, the results of the assessment will be directly usable for ensuring that the company has direct traceability from business needs to ultimate security control selections
6/28/2020 Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReport/ultra?attemptId=0ad4b87b-4851-442d-9610-7be384043f… 4/5
Student paper 95%
techtarget 66%
detoxtechnologies 100%
detoxtechnologies 65%
detoxtechnologies 98%
detoxtechnologies 94%
riskwatch 90%
2
Student paper
Any tools you have are only as good as the methodology you use to ultimately contextualize the information security assessment results in business terms so that it’s easy to make the right decisions. The better and more business-focused the risk assessment methodology, the less work needs to be done to enable business risk owners to make the right risk management decisions.
Original source
Any tools used are only as good as the methodology you use to ultimately contextualize the information security risk assessment results in the company terms so that it’s easy to make the right decisions The better and more business- focused the risk assessment methodology, the less work needs to be done to enable business risk owners to make the right risk management decisions
3
Student paper
This is one of the best web application security testing tools.
Original source
Web application security testing
4
Student paper
It is a dynamic analysis testing tool designed for security experts and penetration testing experts to use when performing security tests on web applications.
Original source
It is a dynamic analysis testing tool designed for security experts and penetration testing experts to use when performing security tests on web applications
4
Student paper
It is used to detect network activities as well as detects the open ports on the host.
Original source
Nmap is used to detect the live host on the network (host discovery), also detects the open ports on the host
4
Student paper
This is a remote security scanning tool used during vulnerability assessment and penetration testing. Nessus scans for vulnerabilities on Windows and UNIX systems, these qualities make this tool all-rounder. This tool is best for security testing teams and penetration experts.
Original source
Nessus is a remote security scanning tool used during vulnerability assessment and penetration testing Nessus scans for vulnerabilities on Windows and Unix systems, these qualities make this tool all-rounder This tool is best for security testing teams and penetration experts
4
Student paper
Metasploit is a very popular hacking and penetration testing tool. It is a penetration testing framework which makes finding vulnerabilities very easy. Metasploit is often used to test remote systems vulnerability. Metasploit finds security issues, verify vulnerability mitigations & manages security assessments.
Original source
Metasploit is a very popular hacking and penetration testing tool It is a penetration testing framework which makes finding vulnerabilities very easy Metasploit is often used to break into remote systems or test for a computer system vulnerability Metasploit finds security issues, verify vulnerability mitigations & manages security assessments
5
Student paper
From there, take a look and see what your unique processes or needs are that aren’t already addressed. Then, you’ll determine your risk based on custom scales and metrics that make the most sense for your business, including asset value, likelihood of the risk occurring, impact of the risk, and any third-party data.
Original source
From there, take a look and see what your unique processes or needs are that aren’t already addressed Analyze Data Once risks are identified, you’ll analyze them with custom scales and metrics that make the most sense for your business, including asset value, likelihood of the risk occurring, impact of the risk, and any third-party data
6/28/2020 Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReport/ultra?attemptId=0ad4b87b-4851-442d-9610-7be384043f… 5/5
riskwatch 97%
wikipedia 100%
Student paper 100%
5
Student paper
that you’re addressing. You’ll then be able to offer recommendations and assign tasks to personnel to close security gaps and improve risk scores (Ramachandran, 2018). It’s also crucial to create reports that analyze risk across your assets and track what risks were identified and what steps were taken to mitigate those risks. This makes it easier to show how risk is reducing or compliance is improving over time as you perform your next assessment, and also to be able to provide evidence of your assessment in case of an audit.
Original source
that you’re addressing You’ll then be able to offer recommendations and assign tasks to personnel to close security gaps and improve risk scores It’s also crucial to create reports that analyze risk across your assets and track what risks were identified and what steps were taken to mitigate those risks This makes it easier to show how risk is decreasing or compliance is improving over time as you perform your next assessment, and also to be able to provide evidence of your assessment in case of an audit
6
Student paper
John Wiley & Sons.
Original source
John Wiley & Sons
7
Student paper
Security, design, and architecture for broadband and wireless network technologies.
Original source
Security, Design, and Architecture for Broadband and Wireless Network Technologies