3. The US NIST Special Publication 800-70 introduces a national repository and recommendations for using security checklists. It says:
A security configuration checklist (also referred to as a lockdown guide, hardening guide, security guide, security technical implementation guide [STIG], or benchmark) is essentially a document that contains instructions or procedures for configuring an IT product to an operational environment, for verifying that the product has been configured properly, and/or for identifying unauthorised configuration changes to the product.
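As an added worked illustration of that definition (not code from NIST SP 800-70 or the NCP), the following Python models a checklist for a hypothetical service and shows the three uses the definition names: applying the prescribed settings, verifying a configuration against them, and flagging changes from an approved baseline. All settings, values and the `Key value` file format are constructed assumptions.

```python
# Added illustration of the NIST SP 800-70 definition above (not NIST's own
# code): a checklist that configures, verifies, and detects unauthorised
# changes. Settings, values and the config format are constructed examples.
from dataclasses import dataclass

@dataclass(frozen=True)
class CheckItem:
    setting: str      # configuration key the checklist governs
    expected: str     # value the checklist requires
    rationale: str    # why the checklist requires it (shown in findings)

# Constructed checklist for a hypothetical SSH-like service.
CHECKLIST = [
    CheckItem("PermitRootLogin", "no", "limit privileged remote logins"),
    CheckItem("PasswordAuthentication", "no", "require key-based auth"),
    CheckItem("LogLevel", "VERBOSE", "record enough detail for review"),
]

def parse_config(text: str) -> dict:
    """Parse 'Key value' lines, ignoring blanks and '#' comments."""
    config = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            key, _, value = line.partition(" ")
            config[key] = value.strip()
    return config

def verify(config: dict, checklist=CHECKLIST) -> list:
    """Return (setting, expected, actual, rationale) for each failed item."""
    return [(i.setting, i.expected, config.get(i.setting, "<unset>"), i.rationale)
            for i in checklist if config.get(i.setting) != i.expected]

def apply_checklist(config: dict, checklist=CHECKLIST) -> dict:
    """Return a copy of config with every checklist setting enforced."""
    return {**config, **{i.setting: i.expected for i in checklist}}

def detect_drift(baseline: dict, current: dict) -> dict:
    """Keys whose value differs from the approved baseline (possible unauthorised change)."""
    return {k: (baseline.get(k), current.get(k))
            for k in set(baseline) | set(current)
            if baseline.get(k) != current.get(k)}

# Constructed vendor-default configuration, before hardening.
VENDOR_DEFAULT = parse_config("""
# shipped defaults
PermitRootLogin yes   # insecure default
PasswordAuthentication no
""")
```

Running `verify(VENDOR_DEFAULT)` reports the two failing items; `apply_checklist` produces a compliant copy, and `detect_drift` against that approved copy reveals any later change.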
Considering the definition of security checklists, answer the following questions.
(a) NIST recommends that organisations should apply security checklists to reduce the number of vulnerabilities that attackers can attempt to exploit and to lessen the impact of successful attacks. Why do you think that checklists would be useful for this purpose? Suggest four separate benefits. [8 marks]
(b) Will using a security checklist allow an organisation to eliminate all security risks associated with a system or product? Justify your answer. [3 marks]
(c) NIST has established a National Checklist Programme (NCP) to build a central checklist repository. What role do you think an NCP can play in software security? [3 marks]
(d) Discussing the role of BSIMM in organisational software security, describe how the NCP might connect to it. [3 marks]
(e) The picture below illustrates how users of checklists can apply them.
i. Apart from selecting checklists for the wanted IT products, suggest two further questions that users may ask of (and may be described in) a checklist's metadata, to decide if they want to use it. [2 marks]
ii. What further criteria would you propose to rank or improve checklists, and decide whether a checklist is fit for purpose? Make at least two suggestions. [2 marks]
iii. Would you make any criticisms about the potential use of checklists? Motivate your answer.