Project 4: System Development or Application Assurance
Project 4: System Development or Application Assurance is a 1-week project that explores cybersecurity implications related to software application development or procurement from the cybersecurity risk perspective. The deliverable in Project 4 is a documented procurement process that supports all three of the previous project results. The objective is to demonstrate the value-add of a procurement process that includes security principles, methods, and tools as used in the software development life cycle.
Start Here
It is critical that cybersecurity professionals be able to use all applicable systems, tools, and concepts to minimize risks to an organization’s cyberspace and prevent cybersecurity incidents. In this project, you will demonstrate your understanding of how to apply security principles, methods, and tools within the software development life cycle. You will also apply your knowledge of the cybersecurity implications related to procurement and supply chain risk management.
This is the fourth and final project for this course. There are 13 steps in this project. Begin below to review your project scenario.
Scenario
System Development or Application Assurance
Your vulnerability assessment has been completed, and it’s a good thing, because you found several system weaknesses in the area of application software security.
If these weaknesses were exploited, it could ruin your company’s reputation, not to mention cause major disruptions to operations and unexpected costs.
You plan on following up on these issues this afternoon, but it’s about lunchtime, so you head out for a quick bite to eat.
You pass by Maria Sosa’s office and see her at her desk. You knock on her door frame, peek inside, and ask if she has a minute. Maria motions to you. “Come on in.”
“What brings you to my office?”
You give her a high-level overview of your findings, and tell her that after lunch, you plan to start taking an even closer look.
Maria says: “That sounds great. Can you write up your analysis and recommendations for solutions? I’d like to share this with important stakeholders at the executive meeting next week. How does that sound?”
You nod in agreement. Then you make a beeline back to your office and grab an energy bar from your desk. You need to prepare for your presentation for the meeting next week.
Competencies
Your work will be evaluated using the competencies listed below.
• 1.1: Organize document or presentation clearly in a manner that promotes understanding and meets the requirements of the assignment.
• 1.5: Use sentence structure appropriate to the task, message and audience.
• 2.4: Consider and analyze information in context to the issue or problem.
• 9.4: Software Security Assurance: Demonstrate secure principles, methods, and tools used in the software development life cycle.
• 9.5: Software Security Assurance: Describe the cybersecurity implications related to procurement and supply chain risk management.
Artifacts to submit for this project
1) Software vulnerability assessment
2) Procurement policy list
3) Software acceptance policy
4) Test script procedures
5) Supply chain cyber security risk report
6) Acquisition alignment report
7) Supply chain risk mitigation final report
This is what is required for the last artifact, number 7 above (Supply Chain Risk Mitigation Final Report).
Project 4: Supply Chain Risk Mitigation Final Report
This assignment will be submitted to Turnitin®.
Rubric Name: Supply Chain Risk Mitigation Final Report
Performance levels: Exceeds Performance Requirements, Meets Performance Requirements, Does Not Meet Performance Requirements
Competency
1.1: Organize document or presentation in a manner that promotes understanding and meets the requirements of the assignment.
1.5: Use sentence structure appropriate to the task, message and audience.
2.4: Consider and analyze information in context to the issue or problem.
9.4: Demonstrate secure principles, methods, and tools used in the software development life cycle.
9.5: Describe the cybersecurity implications related to procurement and supply chain risk management.
Associated Learning Objectives
1.1.1: Present material in clear and/or logical order appropriate to task.
Assessment Method: Score on Criteria – 1.1: Organize document or presentation in a manner that promotes understanding and meets the requirements of the assignment.
Required Performance: Meets Performance Requirements
1.1.2: Articulate thesis and purpose clearly.
Assessment Method: Score on Criteria – 1.1: Organize document or presentation in a manner that promotes understanding and meets the requirements of the assignment.
Required Performance: Meets Performance Requirements
1.1.3: Support thesis and purpose fully.
Assessment Method: Score on Criteria – 1.1: Organize document or presentation in a manner that promotes understanding and meets the requirements of the assignment.
Required Performance: Meets Performance Requirements
1.1.4: Transition smoothly and develop connections from point to point.
Assessment Method: Score on Criteria – 1.1: Organize document or presentation in a manner that promotes understanding and meets the requirements of the assignment.
Required Performance: Meets Performance Requirements
1.1.5: Create coherent progress from introduction through conclusion.
Assessment Method: Score on Criteria – 1.1: Organize document or presentation in a manner that promotes understanding and meets the requirements of the assignment.
Required Performance: Meets Performance Requirements
1.1.6: Complete assignment in accordance with instructions.
Assessment Method: Score on Criteria – 1.1: Organize document or presentation in a manner that promotes understanding and meets the requirements of the assignment.
Required Performance: Meets Performance Requirements
1.5.1: Demonstrate variation in sentence structure.
Assessment Method: Score on Criteria – 1.5: Use sentence structure appropriate to the task, message and audience.
Required Performance: Meets Performance Requirements
1.5.2: Express ideas clearly and concisely.
Assessment Method: Score on Criteria – 1.5: Use sentence structure appropriate to the task, message and audience.
Required Performance: Meets Performance Requirements
1.5.3: Eliminate sentence-level errors such as run-ons/comma splices and sentence fragments.
Assessment Method: Score on Criteria – 1.5: Use sentence structure appropriate to the task, message and audience.
Required Performance: Meets Performance Requirements
2.4.1: Articulate clearly and fairly others’ alternative viewpoints and the basis of reasoning.
Assessment Method: Score on Criteria – 2.4: Consider and analyze information in context to the issue or problem.
Required Performance: Meets Performance Requirements
2.4.2: Identify significant, potential implications, and consequences of alternative points of view.
Assessment Method: Score on Criteria – 2.4: Consider and analyze information in context to the issue or problem.
Required Performance: Meets Performance Requirements
2.4.3: Evaluate assumptions underlying other analytical viewpoints, conclusions, and/or solutions.
Assessment Method: Score on Criteria – 2.4: Consider and analyze information in context to the issue or problem.
Required Performance: Meets Performance Requirements
9.4.1: Determine when to perform risk analysis during an application or system change.
Assessment Method: Score on Criteria – 9.4: Demonstrate secure principles, methods, and tools used in the software development life cycle.
Required Performance: Meets Performance Requirements
9.4.2: Evaluate security implications in the software acceptance phase.
Assessment Method: Score on Criteria – 9.4: Demonstrate secure principles, methods, and tools used in the software development life cycle.
Required Performance: Meets Performance Requirements
9.4.3: Document the software system testing and validation process from a cybersecurity policy standpoint.
Assessment Method: Score on Criteria – 9.4: Demonstrate secure principles, methods, and tools used in the software development life cycle.
Required Performance: Meets Performance Requirements
9.5.1: Optimize the effectiveness of procurement functions in addressing information security requirements and supply chain risks.
Assessment Method: Score on Criteria – 9.5: Describe the cybersecurity implications related to procurement and supply chain risk management.
Required Performance: Meets Performance Requirements
9.5.2: Describe appropriate supply chain risk management practices.
Assessment Method: Score on Criteria – 9.5: Describe the cybersecurity implications related to procurement and supply chain risk management.
Required Performance: Meets Performance Requirements
9.5.3: Develop a plan to align all acquisitions, procurements, and outsourcing efforts with organizational goals of information security.
Assessment Method: Score on Criteria – 9.5: Describe the cybersecurity implications related to procurement and supply chain risk management.
Required Performance: Meets Performance Requirements
9.5.4: Develop contract language to ensure supply chain, system, network, and operational security are met.
Assessment Method: Score on Criteria – 9.5: Describe the cybersecurity implications related to procurement and supply chain risk management.
Required Performance: Meets Performance Requirements
9.5.5: Describe software risk analysis processes.
Assessment Method: Score on Criteria – 9.5: Describe the cybersecurity implications related to procurement and supply chain risk management.
Required Performance: Meets Performance Requirements
9.5.6: Articulate the specific supply chain cybersecurity threats and the technologies and policies that can be used to mitigate the threats.
Assessment Method: Score on Criteria – 9.5: Describe the cybersecurity implications related to procurement and supply chain risk management.
Required Performance: Meets Performance Requirements