Write Requirements for Multiple Independent Levels of Security and Include Access Control Concepts and Capabilities

I have to Write Requirements for Multiple Independent Levels of Security and Include Access Control Concepts, Capabilities. See Attached Files
project_5.docx

project_5_scenerio.docx

project_5.pdf

project_5_scenerio.pdf

Unformatted Attachment Preview

This assignment is two tasks of a general project and should be about four to six pages total.
Please review the attached scenario of the project and also step eight and nine descriptions.
MILS REQUIREMENTS
[Integrate information from step 8. Write requirements for multiple independent levels of
security (MILS). Include that vendor will be devising prototyping test plans and executing tests
against sample databases to determine requirements for access, access control, authentication and
security models that define read and write access. Also access to data will be accomplished using
security concepts and security models that ensure confidentiality and integrity of data. Best to
review access control and authentication. Health care database should have capabilities for
MILS. Lastly, include organization plans on expanding user base of the database, web interface,
database read, and write and access controls should be built incorporating security models.
Before writing the requirement statement review MILS, cybersecurity models and insecure
handling. Include in the statement: 1) definitions and stipulations for cybersecurity models; 2)
the Biba Integrity, Bell-LaPaula, Chinese Wall Models and any limitations for the application of
these models. Include requirement statements regarding vendor’s insecure handling solutions
based on the definitions of the security model included in requirements statement.]
Step 8: Write Requirements for Multiple Independent Levels of Security
The previous step required you to identify operating system security components to support the
database. For this step, you will focus on identification, authentication, and access. Since you are
determining and incorporating the requirements into the RFP, in your role as SSE, you are also
devising prototyping test plans and executing tests against sample databases to determine the
requirements for access, access control, identification and authentication, and the security models
that define read and write access. Access to the data is accomplished using security concepts and
security models that ensure confidentiality and integrity of the data. Refer to access control and
authentication to refresh your knowledge.
The health care database should have capabilities for multiple independent levels of security
(MILS). Your organization plans on expanding the user base of the database, and the web
interface and the database read, write, and access controls should be built incorporating security
models.
To be completed by a designated team member:
Write requirement statements for MILS in your database. Include the definitions and stipulations
for cybersecurity models, including the Biba Integrity Model, Bell-LaPadula model and and the
Chinese Wall model. Indicate any limitations for the application of these models. Review the
content of the following resources. As you’re reading, note which cybersecurity models are most
beneficial to your database.
•
•
•
multiple independent levels of security (MILS)
cybersecurity models
insecure handling
Include requirement statements regarding the vendor’s insecure handling solutions. They are to
be accounted for in whatever security model the vendor chooses to incorporate, based on the
definitions of the security model that you included with the requirements statement. Include this
in the RFP.
In the next step, you will consider access control.
ACCESS CONTROL REQUIREMENTS
[Integrate information from step 9. Include access control concepts, capabilities. Focus on access
control. Vendor will need to demonstrate capabilities to enforce to database management
systems that includes identification, authentication, access, and authorization. The vendor must
identify types of access control capabilities and how they execute access control. Provide
requirement statements for vendor regarding access control concepts, authentication, and direct
object access.]
Step 9: Include Access Control Concepts, Capabilities
In the previous step, you wrote requirements for multiple levels of security, including the topics
of identification, authentication, and access. In this step, you will focus on access control. The
vendor will need to demonstrate capabilities to enforce identification, authentication, access, and
authorization to the database management systems. Include requirement statements in the RFP
that the vendor must identify, the types of access control capabilities, and how they execute
access control.
To be completed by a designated team member:
Provide requirements statements for the vendor regarding access control concepts,
authentication, and direct object access. Include the requirement statement in the RFP.
In the next step, you will create a test plan and review your remediation efforts, as well as come
up with a report for vendors.
CST620_Project 5: Database Security Assessment
(Group Project Case Study)
You are a contracting officer’s technical representative, a Security System Engineer, SSE, at a
military hospital. Your department’s leaders are adopting a new medical health care database
management system. And they’ve tasked you to put together a team to create a request for proposal
for which different vendors will compete to build and provide to the hospital.
A Request For Proposal, or RFP, is when an organization sends out a request for estimates on
performing a function, delivering a technology, or providing a service or augmenting staff. RFPs are
tailored to each endeavor but have common components and are important in the world of IT
contracting and for procurement and acquisitions. To complete the RFP, you must determine the
technical and security specifications for the system.
You’ll write the requirements for the overall system and also provide evaluation standards that will
be used in rating the vendor’s performance. Your learning will help you determine your system’s
requirements. As you discover methods of attack, you’ll write prevention and remediation
requirements for the vendor to perform.
Additionally, you’ll produce a report detailing a test plan and remediation results. This document will
accompany the RFP and will include security guidelines for vendors. You must identify the different
vulnerabilities the database should be hardened against.
You have a good relationship with the vendors in determining these requirements for the
procurement. You’ll work in partnership in your teams to define test protocol of the database
management system and to devise remediation. These results will be incorporated into the test
plan and remediation results and will also be part of the RFP. Work in partnership teams to test and
validate the remediation and attacks and to create the RFP.
This assignment is two tasks of a general project and should be about four to six pages total.
Please review the attached scenario of the project and also step eight and nine descriptions.
MILS REQUIREMENTS
[Integrate information from step 8. Write requirements for multiple independent levels of
security (MILS). Include that vendor will be devising prototyping test plans and executing tests
against sample databases to determine requirements for access, access control, authentication and
security models that define read and write access. Also access to data will be accomplished using
security concepts and security models that ensure confidentiality and integrity of data. Best to
review access control and authentication. Health care database should have capabilities for
MILS. Lastly, include organization plans on expanding user base of the database, web interface,
database read, and write and access controls should be built incorporating security models.
Before writing the requirement statement review MILS, cybersecurity models and insecure
handling. Include in the statement: 1) definitions and stipulations for cybersecurity models; 2)
the Biba Integrity, Bell-LaPaula, Chinese Wall Models and any limitations for the application of
these models. Include requirement statements regarding vendor’s insecure handling solutions
based on the definitions of the security model included in requirements statement.]
Step 8: Write Requirements for Multiple Independent Levels of Security
The previous step required you to identify operating system security components to support the
database. For this step, you will focus on identification, authentication, and access. Since you are
determining and incorporating the requirements into the RFP, in your role as SSE, you are also
devising prototyping test plans and executing tests against sample databases to determine the
requirements for access, access control, identification and authentication, and the security models
that define read and write access. Access to the data is accomplished using security concepts and
security models that ensure confidentiality and integrity of the data. Refer to access control and
authentication to refresh your knowledge.
The health care database should have capabilities for multiple independent levels of security
(MILS). Your organization plans on expanding the user base of the database, and the web
interface and the database read, write, and access controls should be built incorporating security
models.
To be completed by a designated team member:
Write requirement statements for MILS in your database. Include the definitions and stipulations
for cybersecurity models, including the Biba Integrity Model, Bell-LaPadula model and and the
Chinese Wall model. Indicate any limitations for the application of these models. Review the
content of the following resources. As you’re reading, note which cybersecurity models are most
beneficial to your database.
•
•
•
multiple independent levels of security (MILS)
cybersecurity models
insecure handling
Include requirement statements regarding the vendor’s insecure handling solutions. They are to
be accounted for in whatever security model the vendor chooses to incorporate, based on the
definitions of the security model that you included with the requirements statement. Include this
in the RFP.
In the next step, you will consider access control.
ACCESS CONTROL REQUIREMENTS
[Integrate information from step 9. Include access control concepts, capabilities. Focus on access
control. Vendor will need to demonstrate capabilities to enforce to database management
systems that includes identification, authentication, access, and authorization. The vendor must
identify types of access control capabilities and how they execute access control. Provide
requirement statements for vendor regarding access control concepts, authentication, and direct
object access.]
Step 9: Include Access Control Concepts, Capabilities
In the previous step, you wrote requirements for multiple levels of security, including the topics
of identification, authentication, and access. In this step, you will focus on access control. The
vendor will need to demonstrate capabilities to enforce identification, authentication, access, and
authorization to the database management systems. Include requirement statements in the RFP
that the vendor must identify, the types of access control capabilities, and how they execute
access control.
To be completed by a designated team member:
Provide requirements statements for the vendor regarding access control concepts,
authentication, and direct object access. Include the requirement statement in the RFP.
In the next step, you will create a test plan and review your remediation efforts, as well as come
up with a report for vendors.
CST620_Project 5: Database Security Assessment
(Group Project Case Study)
You are a contracting officer’s technical representative, a Security System Engineer, SSE, at a
military hospital. Your department’s leaders are adopting a new medical health care database
management system. And they’ve tasked you to put together a team to create a request for proposal
for which different vendors will compete to build and provide to the hospital.
A Request For Proposal, or RFP, is when an organization sends out a request for estimates on
performing a function, delivering a technology, or providing a service or augmenting staff. RFPs are
tailored to each endeavor but have common components and are important in the world of IT
contracting and for procurement and acquisitions. To complete the RFP, you must determine the
technical and security specifications for the system.
You’ll write the requirements for the overall system and also provide evaluation standards that will
be used in rating the vendor’s performance. Your learning will help you determine your system’s
requirements. As you discover methods of attack, you’ll write prevention and remediation
requirements for the vendor to perform.
Additionally, you’ll produce a report detailing a test plan and remediation results. This document will
accompany the RFP and will include security guidelines for vendors. You must identify the different
vulnerabilities the database should be hardened against.
You have a good relationship with the vendors in determining these requirements for the
procurement. You’ll work in partnership in your teams to define test protocol of the database
management system and to devise remediation. These results will be incorporated into the test
plan and remediation results and will also be part of the RFP. Work in partnership teams to test and
validate the remediation and attacks and to create the RFP.
…
Purchase answer to see full
attachment