CS 405 Project Two Presentation - Christopher Roelle

pptx

School

Southern New Hampshire University *

*We aren’t endorsed by this school

Course

405

Subject

Information Systems

Date

Apr 3, 2024

Type

pptx

Pages

Uploaded by CaptainStingray2490

Green Pace Security Policy Presentation Developer: Christopher Roelle

OVERVIEW: DEFENSE IN DEPTH

THREATS MATRIX [Populate the Threats Matrix table and provide explanations to summarize of all of your security risks.] Likely [Insert text here.] Priority [Insert text here.] Low priority [Insert text here.] Unlikely [Insert text here.]

Your preview ends here

Eager to read complete document? Join bartleby learn and gain access to the full version

Access to all documents
Unlimited textbook solutions
24/7 expert homework help

10 PRINCIPLES • Validate Input Data • Heed Compiler Warnings • Architect and Design for Security Policies • Keep it Simple • Default Deny • Adhere to the Principle of Least Privilege • Sanitize Data Sent to Other Systems • Practice Defense-in-Depth • Use Effective QA Techniques • Adopt a Secure Coding Standard

CODING STANDARDS High-Priority • STD-003-CPP – String Correctness – Buffers • STD-004-CPP – SQL Injection – Parameterization of Tokens • STD-005-CPP – Memory Protection – Allocation errors • STD-008-CPP – Iterators – Valid Loop Constraints Low-Priority • STD-001-CPP – Data Type – Underflow/Overflow • STD-002-CPP – Data Value – Incorrect Casting • STD-006-CPP – Assertions – Assertions are not logic control • STD-007-CPP – Exceptions – Catch Exceptions • STD-009-CPP – I/O – Close I/O after use • STD-010-CPP – One-Task Object/Functions – Keep It Simple

ENCRYPTION POLICIES • Encryption In Rest • Encryption At Flight • Encryption In Use

Your preview ends here

Eager to read complete document? Join bartleby learn and gain access to the full version

Access to all documents
Unlimited textbook solutions
24/7 expert homework help

TRIPLE-A POLICIES • Authentication (AuthX) • Authorization (AuthZ) • Accounting

Unit Testing [Identify the coding vulnerability you chose to test. Include four to six mixed tests for positive and negative results. Include a slide for each test. Use the question for the test as the title. Show the results.]

AUTOMATION SUMMARY

Your preview ends here

Eager to read complete document? Join bartleby learn and gain access to the full version

Access to all documents
Unlimited textbook solutions
24/7 expert homework help

TOOLS DevSecOps Pipeline • Planning • Coding • Building • Testing • Deployment • Monitoring

RISKS AND BENEFITS • Risks of Waiting • Benefits of Adopting now • Lacking Security Points

RECOMMENDATIONS • Human Error • Peer Code Reviews • Regular External Security Audits • Social Engineering Awareness Training

Your preview ends here

Eager to read complete document? Join bartleby learn and gain access to the full version

Access to all documents
Unlimited textbook solutions
24/7 expert homework help

CONCLUSIONS • Social Engineering Awareness • Kevin Mitnick • Closing Words

REFERENCES • Software Engineering Institute. (n.d.). SEI CERT C Coding Standard. https://wiki.sei.cmu.edu/confluence/display/c/SEI+CERT+C+Coding+Standa rd • National Institute of Standards and Technology (NIST). (n.d.). Defense in Depth. Computer Security Resource Center (CSRC). https://csrc.nist.gov/glossary/term/defense_in_depth Mitnick, K., & Simon, W. L. (2012). Ghost in the wires: My adventures as the world's most wanted hacker. Little, Brown and Company.

CS 405 Project Two Presentation - Christopher Roelle

Related Documents