Security architecture and design

profilepavan0101
OriginalityReport.pdf

6/28/2020 Originality Report

https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReport/ultra?attemptId=0ad4b87b-4851-442d-9610-7be384043f… 1/5

%32

%24

%2

SafeAssign Originality Report Summer 2020 - Security Architecture & Design (ISOL-536-51) - Full Te… • Midterm Project Paper

%57Total Score: High riskShiv Kumar Banala Submission UUID: 481a5b6c-0e31-e094-47f8-c79a24945a12

Total Number of Reports

1 Highest Match

57 % Midterm.docx

Average Match

57 % Submitted on

06/28/20 12:00 PM EDT

Average Word Count

1,043 Highest: Midterm.docx

%57Attachment 1

Internet (5)

detoxtechnologies riskwatch techtarget

alc-group wikipedia

Global database (1)

Student paper

Institutional database (1)

Student paper

Top sources (3)

Excluded sources (0)

View Originality Report - Old Design

Word Count: 1,043 Midterm.docx

4 5 3

1 6

2

7

2 Student paper 4 detoxtechnologies 5 riskwatch

6/28/2020 Originality Report

https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReport/ultra?attemptId=0ad4b87b-4851-442d-9610-7be384043f… 2/5

Source Matches (13)

Midterm 1

Midterm 6

ISOL 536

Security Architecture & Design

University of the Cumberland’s

Professor

Dr. James Hyatt

Tools are limited to basically finding vulnerabilities or potentially using a fixed method to provide an estimate of security exposure based on the answers to

some very general questions to give you a number that’s supposed to represent your risk exposure (Dalton & Osmanoglu, 2017). Before you start any kind of security risk assessment, you need to understand very clearly what is the purpose of the risk assessment, and, if you’re trying to do anything other than an inherent risk assessment, you need to have some good information about the existing control environment. There are several methodologies for conducting security assessments, but SABSA is mostly preferred. The primary difference with SABSA vs. other methods is the granularity it gives you along with the ability to identify potential

systemic risk interactions. The objective of SABSA is to ensure you have an overall, architected approach to risk management that lives and breathes with the business, so the risk assessment is only one piece of the puzzle. That said, the use of attributes, formalized definitions for different security zones potentially impacted by various risks and a robust framework for defining and tracking dependencies gives you a much better chance to reduce the subjectivity of your risk assessments. Once completed, the results of the assessment are directly usable for ensuring you have direct traceability from business needs to ultimate security control selections in addition to full traceability from controls to the business objectives they support all the way through a layered security architecture. Any tools you have are only as good as the methodology you use to ultimately contextualize the information security assessment results in business terms so that it’s easy to make the right decisions. The better and more business-focused the risk assessment methodology, the less work needs to be done to enable business risk owners to make the right risk management decisions. For an effective security assessment, the following tools are needed: AppScan: This is one of the best web application

security testing tools. It is a dynamic analysis testing tool designed for security experts and penetration testing experts to use when performing security tests on

web applications. Nmap: This is a network auditing tool. It is used to detect network activities as well as detects the open ports on the host. Nessus: This is a

remote security scanning tool used during vulnerability assessment and penetration testing. Nessus scans for vulnerabilities on Windows and UNIX systems, these qualities make this tool all-rounder. This tool is best for security testing teams and penetration experts. Metasploit: Metasploit is a very popular hacking and

penetration testing tool. It is a penetration testing framework which makes finding vulnerabilities very easy. Metasploit is often used to test remote systems vulnerability. Metasploit finds security issues, verify vulnerability mitigations & manages security assessments. There are several mistakes people make when preparing for a security assessment task. The first mistake is lack of vision, the moment a security team is sent out to conduct a security assessment without any plans or objectives they always fail in conducting this exercise. The second mistake is letting compliance getting in their way, most of the time compliance laws causes more damage than good when implementing security measures. To avoid this, security team should avoid more laws in order to be effective in risk assessment. Bad reporting is another mistake, reporting should always focus on providing a solution not just focus on the problem. When a security team are more focused mistakes they find during assessment then security assessment process will be of no good. Organization risk tolerance plays a huge role during risk assessment, it defines the amount of risk an organization is willing to take on the system during assessment. In an event the system under assessment expose the organization to high risks such as downtime then the process must be stopped (Chilamkurti, 2019). If the assessment process cost the organization more than its benefits then the process must be reviewed. System under assessment should cause minimum distraction within the organization. Organization tolerance measures the benefits against cost of assessment and determine whether the process should be carried out or not. If the system possess some risks then assessment must be carried out. It’s recommended to start your assessment process with identifying the asset you are assessing (a facility, a system, etc.) and determine relevant industry standards or regulations. From there, take a look and see what your unique processes or needs are that aren’t already addressed. Then, you’ll determine your risk based on

custom scales and metrics that make the most sense for your business, including asset value, likelihood of the risk occurring, impact of the risk, and any third-party data.

1

2

2

3

4

4 4

4

5

Through your selected content, you’ll be able to identify security gaps after speaking with key personnel that can provide information on the system, policy, task, etc. that you’re addressing. You’ll then be able to offer recommendations and assign tasks to personnel to close security gaps and improve risk scores

(Ramachandran, 2018). It’s also crucial to create reports that analyze risk across your assets and track what risks were identified and what steps were taken to mitigate those risks. This makes it easier to show how risk is reducing or compliance is improving over time as you perform your next assessment, and also to be able to provide evidence of your assessment in case of an audit. Architecture representation diagram would be utilized to show the connection between various elements. Generally they are made for frameworks which incorporate hardware and applications and these are represented in the graph to show the association between them. Be that as it may, it can likewise be made for web applications. For an internet applications, architecture design configuration will comprise various components such as database, application server, web server, internet applications and so on. Not only can this graph elements are applicable, different parts as well be incorporated.

Reference

King, Dalton & Osmanoglu, T. E. (2017). Security architecture: Design, deployment, and operations. McGraw-Hill/Osborne Media. Ramachandran, J. (2018). Designing security architecture solutions. John Wiley & Sons. Chilamkurti, N. (2019). Security, design, and architecture for broadband and wireless network

technologies. IGI Global.

5

6 7

6/28/2020 Originality Report

https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReport/ultra?attemptId=0ad4b87b-4851-442d-9610-7be384043f… 3/5

alc-group 65%

Student paper 75%

Student paper 86%1

Student paper

Security Architecture & Design

Original source

Security Services Architecture

2

Student paper

Tools are limited to basically finding vulnerabilities or potentially using a fixed method to provide an estimate of security exposure based on the answers to some very general questions to give you a number that’s supposed to represent your risk exposure (Dalton & Osmanoglu, 2017).

Original source

The assessment tools are limited to basically finding vulnerabilities or potentially using a fixed method to provide an estimate of information security exposure based on the answers to some very general questions asked to the company’s employee

2

Student paper

other methods is the granularity it gives you along with the ability to identify potential systemic risk interactions. The objective of SABSA is to ensure you have an overall, architected approach to risk management that lives and breathes with the business, so the risk assessment is only one piece of the puzzle. That said, the use of attributes, formalized definitions for different security zones potentially impacted by various risks and a robust framework for defining and tracking dependencies gives you a much better chance to reduce the subjectivity of your risk assessments. Once completed, the results of the assessment are directly usable for ensuring you have direct traceability from business needs to ultimate security control selections in addition to full traceability from controls to the business objectives they support all the way through a layered security architecture.

Original source

The primary difference with this and other methods is the granularity it gives you along with the ability to identify potential systemic risk interactions The objective of the report is to ensure the company has an overall, architected approach to risk management that lives and breathes with the business, so the risk assessment is only one piece of the puzzle That said, the use of attributes, formalized definitions for different security zones potentially impacted by various risks and a robust framework for defining and tracking dependencies gives you a much better chance to reduce the subjectivity of your risk assessments Once completed, the results of the assessment will be directly usable for ensuring that the company has direct traceability from business needs to ultimate security control selections

6/28/2020 Originality Report

https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReport/ultra?attemptId=0ad4b87b-4851-442d-9610-7be384043f… 4/5

Student paper 95%

techtarget 66%

detoxtechnologies 100%

detoxtechnologies 65%

detoxtechnologies 98%

detoxtechnologies 94%

riskwatch 90%

2

Student paper

Any tools you have are only as good as the methodology you use to ultimately contextualize the information security assessment results in business terms so that it’s easy to make the right decisions. The better and more business-focused the risk assessment methodology, the less work needs to be done to enable business risk owners to make the right risk management decisions.

Original source

Any tools used are only as good as the methodology you use to ultimately contextualize the information security risk assessment results in the company terms so that it’s easy to make the right decisions The better and more business- focused the risk assessment methodology, the less work needs to be done to enable business risk owners to make the right risk management decisions

3

Student paper

This is one of the best web application security testing tools.

Original source

Web application security testing

4

Student paper

It is a dynamic analysis testing tool designed for security experts and penetration testing experts to use when performing security tests on web applications.

Original source

It is a dynamic analysis testing tool designed for security experts and penetration testing experts to use when performing security tests on web applications

4

Student paper

It is used to detect network activities as well as detects the open ports on the host.

Original source

Nmap is used to detect the live host on the network (host discovery), also detects the open ports on the host

4

Student paper

This is a remote security scanning tool used during vulnerability assessment and penetration testing. Nessus scans for vulnerabilities on Windows and UNIX systems, these qualities make this tool all-rounder. This tool is best for security testing teams and penetration experts.

Original source

Nessus is a remote security scanning tool used during vulnerability assessment and penetration testing Nessus scans for vulnerabilities on Windows and Unix systems, these qualities make this tool all-rounder This tool is best for security testing teams and penetration experts

4

Student paper

Metasploit is a very popular hacking and penetration testing tool. It is a penetration testing framework which makes finding vulnerabilities very easy. Metasploit is often used to test remote systems vulnerability. Metasploit finds security issues, verify vulnerability mitigations & manages security assessments.

Original source

Metasploit is a very popular hacking and penetration testing tool It is a penetration testing framework which makes finding vulnerabilities very easy Metasploit is often used to break into remote systems or test for a computer system vulnerability Metasploit finds security issues, verify vulnerability mitigations & manages security assessments

5

Student paper

From there, take a look and see what your unique processes or needs are that aren’t already addressed. Then, you’ll determine your risk based on custom scales and metrics that make the most sense for your business, including asset value, likelihood of the risk occurring, impact of the risk, and any third-party data.

Original source

From there, take a look and see what your unique processes or needs are that aren’t already addressed Analyze Data Once risks are identified, you’ll analyze them with custom scales and metrics that make the most sense for your business, including asset value, likelihood of the risk occurring, impact of the risk, and any third-party data

6/28/2020 Originality Report

https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReport/ultra?attemptId=0ad4b87b-4851-442d-9610-7be384043f… 5/5

riskwatch 97%

wikipedia 100%

Student paper 100%

5

Student paper

that you’re addressing. You’ll then be able to offer recommendations and assign tasks to personnel to close security gaps and improve risk scores (Ramachandran, 2018). It’s also crucial to create reports that analyze risk across your assets and track what risks were identified and what steps were taken to mitigate those risks. This makes it easier to show how risk is reducing or compliance is improving over time as you perform your next assessment, and also to be able to provide evidence of your assessment in case of an audit.

Original source

that you’re addressing You’ll then be able to offer recommendations and assign tasks to personnel to close security gaps and improve risk scores It’s also crucial to create reports that analyze risk across your assets and track what risks were identified and what steps were taken to mitigate those risks This makes it easier to show how risk is decreasing or compliance is improving over time as you perform your next assessment, and also to be able to provide evidence of your assessment in case of an audit

6

Student paper

John Wiley & Sons.

Original source

John Wiley & Sons

7

Student paper

Security, design, and architecture for broadband and wireless network technologies.

Original source

Security, Design, and Architecture for Broadband and Wireless Network Technologies