EBK SOFTWARE ENGINEERING
10th Edition
ISBN: 8220101455970
Author: SOMMERVILLE
Publisher: PEARSON
Expert Solution & Answer
Chapter 13, Problem 13.5E
Explanation of Solution
Use of a layered approach for asset protection:
In system architecture, protection is one of the fundamental issues, and a layered architecture is used to provide it.
In a layered architecture, the critical protected assets sit at the lowest level, with layers of protection around them.
For example, in a patient record system, the critical assets that need to be protected are the records of each individual patient.
An attacker has to penetrate three system layers in order to access and modify patients’ records; because each layer adds its own protection, the layered approach improves security...
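The following Python sketch is an added illustration of the layered idea described above; it is not code from Sommerville's book. It assumes three hypothetical layers (a platform layer that admits only authenticated sessions, an application layer that checks role permissions, and a record layer that keeps a per-record access list), and the sessions, roles and care-team data are constructed sample values. The point it shows is that each layer enforces its check independently, so even a request that has somehow got past the outer layers is still stopped at the record layer.

```python
# Constructed sample state for each layer (not from the textbook).
SESSIONS = {"tok-alice": "alice", "tok-bob": "bob"}        # platform layer: token -> user
ROLES = {"alice": "clinician", "bob": "receptionist"}       # application layer: user -> role
PERMISSIONS = {                                             # application layer: role -> actions
    "clinician": {"read_record", "modify_record"},
    "receptionist": {"read_record"},
}
CARE_TEAM = {"P001": {"alice"}, "P002": set()}              # record layer: patient -> allowed users
RECORDS = {"P001": ["initial consult"], "P002": ["initial consult"]}


class AccessDenied(Exception):
    """Raised by whichever layer rejects the request; remembers which layer it was."""

    def __init__(self, layer, reason):
        super().__init__(f"{layer}: {reason}")
        self.layer = layer


def platform_layer(session_token):
    """Layer 1: the platform only admits requests carrying a valid session."""
    user = SESSIONS.get(session_token)
    if user is None:
        raise AccessDenied("platform", "no valid session")
    return user


def application_layer(user, action):
    """Layer 2: the application checks that the user's role permits the action."""
    role = ROLES.get(user)
    if role is None or action not in PERMISSIONS.get(role, set()):
        raise AccessDenied("application", f"role {role!r} may not {action}")


def record_layer(user, patient_id, action):
    """Layer 3: each record carries its own access list. This check does not
    trust the outer layers, so bypassing them is not enough to reach the asset."""
    if user not in CARE_TEAM.get(patient_id, set()):
        raise AccessDenied("record", f"{user} may not {action} on {patient_id}")
    return RECORDS[patient_id]


def modify_record(session_token, patient_id, note):
    """Pass a write request through all three layers; returns the updated record."""
    user = platform_layer(session_token)
    application_layer(user, "modify_record")
    record = record_layer(user, patient_id, "modify_record")
    record.append(note)
    return list(record)


def attempt(session_token, patient_id, note):
    """Return ('ok', record) or ('denied', layer) so the caller can see which
    layer stopped the request; useful for logging and detection."""
    try:
        return ("ok", modify_record(session_token, patient_id, note))
    except AccessDenied as exc:
        return ("denied", exc.layer)


def bypass_outer_layers(user, patient_id):
    """Simulate a request that reached the record layer without passing the
    platform and application layers: the innermost layer still decides."""
    try:
        record_layer(user, patient_id, "modify_record")
        return "ok"
    except AccessDenied as exc:
        return exc.layer


if __name__ == "__main__":
    print(attempt("tok-alice", "P001", "bp 120/80"))   # clinician on the care team
    print(attempt("tok-fake", "P001", "x"))            # stopped at the platform layer
    print(attempt("tok-bob", "P001", "x"))             # stopped at the application layer
    print(attempt("tok-alice", "P002", "x"))           # stopped at the record layer
    print(bypass_outer_layers("bob", "P001"))          # still stopped at the record layer
```

Because every denial names the layer that produced it, the same structure gives a defender a useful signal: a burst of denials at the record layer from sessions that passed the outer layers is exactly the pattern a layered design is meant to surface.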
Students have asked these similar questions
- Security breaches in information systems are very commonplace these days even though some organizations have what they believe is good security controls. Because of their vulnerability to threats from hackers, internal personnel, and poor management of hardware and software devices, security controls always need revisiting. From my perspective as manager of the Accounts and Finance department, every security breach affects this department even if it is just down time to be at meetings, to discuss strategies and costs to repair damages. When the breaches occur, unauthorized access is gained to either do something malicious to the organization's resources or to steal or sabotage data for financial gain. This usually results in the company's reputation/integrity being damaged, loss of revenue during downtime, high costs to repair and restructure. Legal ramifications are expected as well if guilty persons are found or if customers decide to sue for breach of contract and losses. Two Reasons…
- In what ways may security concerns emerge when outlining a course of action and key milestones?
- There are many types of cybersecurity liability policies covering a host of eventualities. What insurance you should buy depends on your business model and your company board's risk appetite. For this discussion, pick one of the five cybersecurity laws, regulations, or policies you wrote about in the Module 5 assignment, and discuss what types of insurance you would recommend in case your company fails at compliance for that requirement. Discuss the risk-reward trade offs, and explain why you think your insurance recommendation is worth the cost.
Similar questions
- CMU SE 17-627 Nancy Mead READINGS: SQUARE Technical Report DISCUSSION/EXERCISE: Objectives: Software Security Engineering Case Study #2 Due: Date shown on syllabus To experience most aspects of security requirements engineering Assignment: 1. Using the SQUARE Technical Report as a guide, apply SQUARE steps 1, 2, 3, 4 (you just need to identify risks, you don't have to do a formal risk analysis), 5, 6, 7, and 8 to your Case Study project. Note: You do not need to interview your actual stakeholders for purposes of this exercise. 2. Develop attack trees and selected corresponding misuse cases as part of this exercise. 3. Turn this assignment in on Blackboard BEFORE the next class.
- Information Security Policy Case Study 1. Case Learning Objectives • Explain the importance of information security policies to an organization. • Explain the aspects that should be included in an information security policy. • Create an issue specific policy. • Critique a security plan and update the plan. 2. Case Description In this case study the students are given two sample security policies. 1. NCA&T State University security policy [1] 2. Griffith University security policy [2] The students will read the two sample policies and answer the case discussion questions. This case study emphasizes enterprise specific policy and issue specific policy. Read the North Carolina Agricultural and Technical State University Information Security Plan and critique the plan. Read the Griffith University Information Security Plan and critique the plan. Update the North Carolina Agricultural and Technical State University Information Security Plan. Update the…
- We would appreciate it if you could limit your answers to no more than three or four. Is there a clear definition of what it means to prioritise human rights in one's approach to S&T&D?
- Examples of how a security framework may assist with security infrastructure design and implementation are shown below. The definition and workings of information security governance are unclear. When it comes to planning ahead, who in the company should be in charge?
- Writing organization policy. Name of the policy (Security Awareness and Training Policy) 2. Policy Definition: 3. Purpose 4. Scope 5. Target Audience or Applicability 6. Objectives: Information security is deemed to safeguard three main objectives: • Confidentiality - data and information assets must be confined to people authorized to access and not be disclosed to others; • Integrity - keeping the data intact, complete and accurate, and IT systems operational; • Availability - an objective indicating that information or system is at disposal of authorized users when needed. 7. Standard 8. Roles and Responsibilities 9. Procedures and Guidelines 10. Compliance and Enforcement 11. Non-Compliance and Exceptions 12. References
- Principles of Information Security. Explain the following diagram:
- Using the Web, search for “Personal VPN.” Examine the various alternatives available and compare their functionality, cost, features, and type of protection. Create a weighted ranking according to your own evaluation of the features and specifications of each software package. Complete Exercise 1 using a matrix demonstrating your evaluation of alternative software VPNs. Create the matrix in a manner in which you would present it to a management level person for purchasing consideration. (Hint - this matrix can easily be created inside of Excel.)
- Lab Exercise 8: You are working for DeenaLateefa tech LLC, a multi-national software development company, as an Information Security Specialist. Your task is to define a Disaster Recovery strategy for the organization. Utilize the below elements to implement security in this organization; you can add/drop elements as required, and extra elements can be added. Elements and design: Define organizational responsibilities for BCP and DRP. Document the business impact analysis (BIA) process. Design an effective disaster recovery strategy. Note: Diagrams can be included.
- An information system whose primary purpose is to manage and provide access to a database of information. Issues in information systems include security, usability, privacy, and maintaining data integrity. Answer the following question for the Web-based membership registration system for a library management system that is a web-based project. a) CREATE a workflow process for the above-mentioned system and EXPLAIN. b) CREATE a work breakdown structure for the above-mentioned scenario and EXPLAIN. c) PREPARE a risk management plan for the above-mentioned company. The plan should address financial, managerial, and technical risks. d) CREATE a framework for the resource management for the above scenario and EXPLAIN.
- Please list all the many elements that go into the creation of security systems.
- Book title: Cybersecurity Essentials - Charles J. Brooks. Chapter 1 - Infrastructure security in the Real world. From the information provided in the first scenario, consider the National Institute of Standards and Technology (NIST) functions detailed in this section and observe how they relate to each category. 1. Which steps could be put in place to recover from actions intended to access, disable, degrade, or destroy the assets that have been previously identified (NIST RC.RP-1)? (Refer to screenshot for reference)
- Choose any two of the following security architectural models and explain, contrast, and compare them.