This essay has been submitted by a student. This is not an example of the work written by professional essay writers.

CST620_Project 5: Database Security Assessment


You are a contracting officer’s technical representative, a Security System Engineer (SSE), at a military hospital. Your department’s leaders are adopting a new medical health care database management system, and they’ve tasked you to put together a team to create a request for proposal (RFP) for which different vendors will compete to build and provide the system to the hospital. An RFP is a document an organization sends out to request estimates on performing a function, delivering a technology, providing a service, or augmenting staff. RFPs are tailored to each endeavor but have common components, and they are important in the world of IT contracting and for procurement and acquisitions.

To complete the RFP, you must determine the technical and security specifications for the system. You’ll write the requirements for the overall system and provide evaluation standards that will be used in rating the vendor’s performance. Your learning will help you determine your system’s requirements. As you discover methods of attack, you’ll write prevention and remediation requirements for the vendor to perform. Additionally, you’ll produce a report detailing a test plan and remediation results. This document will accompany the RFP and will include security guidelines for vendors.

You must identify the different vulnerabilities the database should be hardened against. You have a good relationship with the vendors in determining these requirements for the procurement. You’ll work in partnership in your teams to define the test protocol of the database management system and to devise remediation. These results will be incorporated into the test plan and remediation results and will also be part of the RFP. Work in partnership teams to test and validate the remediation and attacks and to create the RFP.

SECURITY STANDARDS REQUIREMENTS

[Integrate information from step 3. Provide the vendor with a set of internationally recognized standards to incorporate into manufacturing the database and mechanisms. These will serve as metrics of security performance to measure the security processes incorporated into the product. Read about database models, Common Criteria (CC) for information technology security evaluation, Evaluation Assurance Levels (EALs) and Continuity of Service. Be sure to address concepts and issues with respect to disasters and disaster recovery, mission continuity, threats, and cyberattacks.]

 

  1. Provide vendor security standards
    1. To be completed by a designated team member
    2. State everything as requirements in context of the medical database
    3. Provide set of internationally recognized standards to incorporate into manufacturing database and mechanisms
    4. Serve as metrics of security performance to measure security processes incorporated into product
    5. Read about
      1. Database models
      2. Common Criteria (CC) for information technology security evaluation
      3. Evaluation Assurance Levels (EALs)
      4. Continuity of Service
    6. Address concepts and issues with respect to
      1. Disasters and disaster recovery
      2. Mission continuity
      3. Threats
      4. Cyberattacks

 

TEST PLAN AND REMEDIATION RESULTS (TPRR)

[Integrate information from Step 10. Create a test plan, review remediation results, and create a report for vendors. First review 1) error handling and information leakage; 2) insecure handling; 3) cross-site scripting (XSS/CSRF) flaws; 4) SQL injections; 5) memory leakage; 6) insecure configuration management; 7) authentication (with a focus on broken authentication); 8) access control (with a focus on broken access control); and 9) the guideline for creating a Test Plan and Remediation Results (TPRR) Report. Define the test protocol for vendors. Make them aware of several possible vulnerabilities to database asset security. Create a test procedure for testing each such vulnerability that provides remediation of that vulnerability for the TPRR. Vendors will use the TPRR to demonstrate hardening against those vulnerabilities.]

 

 

  1. Include access control concepts, capabilities
    1. To be completed by a designated team member
    2. State everything as requirements in context of the medical database
    3. Focus on access control
    4. Vendor will need to demonstrate capabilities to enforce on database management systems
      1. Identification
      2. Authentication
      3. Access
      4. Authorization
    5. Vendor must
      1. Identify types of access control capabilities
      2. How they execute access control
    6. Provide requirement statements for vendor regarding
      1. Access control concepts
      2. Authentication
      3. Direct object access

 
