CS-405 Project Two: Presentation (PowerPoint)
Description
Demonstrate your mastery of the following competency:
Use external testing methods to identify potential vulnerabilities
Scenario
You have been asked to present the Green Pace security policy guide and to provide implementation guidelines and recommendations for maintaining it in the future. The developers have been employing best practices and, as the team grows, it's critical that everyone remains in sync with principles and best practices. Your job is to take the implicit policies that are applied daily in practice and explain how they have been standardized. You will explain your Green Pace security standards and policies, including the surface area of an attack and assumption of vulnerability. It is your job to demonstrate how the coding and architectural issues are organized using a set of 10 guiding security principles. You will demonstrate how you apply external testing methods to identify potential vulnerabilities by adding screenshots from your coding exercises and explaining how external testing methods will catch the vulnerabilities. You will be writing unit tests to check for the vulnerabilities using the unit testing framework for C++ in Visual Studio.
Your presentation will follow the format of the security policy. First, you will produce a matrix illustrating the threat levels for each of the vulnerabilities you covered in your policy document. Next, you will spend time going through each of the coding policy standards. Following the coding standards, you will cover the use of encryption and then explain how the Triple-A framework will be used and applied. Then you will discuss the risks and benefits of mitigating current issues, such as which ones should be addressed first and why? Finally, you will present a vision for the future of policy creation: Based on current gaps, where should the focus be in preventing threats? What are ways to get in front of potential threats? Your final presentation will represent principles and best practices for coding and systems architecture for Green Pace developers.
Directions
You have been tasked with presenting your brand-new security policy to the whole development team. Your presentation contains policies, standards, principles, and best practices that help prevent the threat of potential security vulnerabilities in both code development and systems architecture.
Specifically, you will need to use the PowerPoint template provided in Supporting Materials and follow the steps outlined below to create a presentation. Your presentation will follow the outline by documenting your policies and demonstrating that they are clear, repeatable, and ready to implement. The security policy ensures compliance and is part of an overarching defense-in-depth strategy.
Follow the template by populating each of the slides and completing the threat matrix. The threat matrix will be used to frame your policy because it shows all of the coding vulnerabilities you have identified and how you view them as potential threats to the system. You will complete the matrix by adding each of the 10 coding standards using their reference numbers. In addition to completing the slide deck, you will prepare a script that you will read to produce a narrated presentation. Use the script template in the Supporting Materials to produce a narrated PowerPoint presentation. You may use a screen-capture program or the internal recording feature in PowerPoint. The script will become a transcript, which is necessary for accessibility.
Title Page (1 slide)
- Add your name to the template.
Overview (2 slides)
- Introduce your security policy. Summarize why it was needed and how it will be used to support the defense-in-depth best practice. (The slide already contains the illustration.)
- Populate the Threats Matrix table and provide explanations to summarize all of your security risks.
- Demonstrate how you can use automation to detect these coding vulnerabilities.
Principles (1 slide)
- List the 10 principles, and list the coding standards that apply to each principle. This shows the alignment between principles and standards.
Coding Standards (1 slide)
- List the 10 coding standards in priority order, and then explain your system of prioritization.
Encryption Strategy (1 slide)
- Summarize the policies for encryption in flight, at rest, and in use.
Triple-A Framework (1 slide)
- Summarize the policies that support authentication, authorization, and accounting.
Unit Testing
- Add a slide for each of the unit tests, adding points on how to take it a step further.
- Show how to apply the unit testing frameworks.
Automation Summary (1 slide)
- DevSecOps Diagram: Explain where the security tools reside in the flow of automation. State which stages will contain security automation. For instance, when will the compiler be used?
Risks and Benefits (1 or more slides)
- State the problems, solutions, and the risks or benefits involved if you act now or decide to wait.
Recommendations and Conclusion (2 slides)
Moving forward, explain your gap analysis of the existing security policy and future potential gaps and improvements. You will be graded on the quality of the supporting details you provide. Do you offer real-world examples to support your claims? If the explanation is logical, it will be considered proficient. If you provide evidence (e.g., a real-world example, link, or citation), you will exceed expectations.
- What current gaps in the security policy still need to be addressed?
- What standards should be adopted to prevent future problems?
Submit a written script, formatted as a Word document, that will serve as the transcript for the narrated presentation.
Security Policy Presentation
Developer: [Insert your name here]
[Complete this template by replacing the bracketed text with the relevant
information.]
OVERVIEW: DEFENSE IN DEPTH
[Introduce your security policy. Explain why it was needed and how it will
be used to support the defense-in-depth best practice.]
THREATS MATRIX
[Populate the Threats Matrix table and provide explanations to summarize all of
your security risks.]
Likely
[Insert text here.]
Priority
[Insert text here.]
Low priority
[Insert text here.]
Unlikely
[Insert text here.]
10 PRINCIPLES
[List the 10 principles. List the coding standards that apply to each principle.
This should demonstrate the alignment between principles and standards.]
CODING STANDARDS
[List the 10 coding standards. Explain your own ranking system for vulnerabilities,
using specific details from the coding standards in your security policy.]
ENCRYPTION POLICIES
[Explain the policies for encryption in flight, at rest, and in use.]
TRIPLE-A POLICIES
[Explain the policies that support authentication, authorization, and
accounting.]
Unit Testing
[Identify the coding vulnerability you chose to test. Include four to six mixed
tests for positive and negative results. Include a slide for each test. Use the
question for the test as the title. Show the results.]
AUTOMATION SUMMARY
TOOLS
[Explain the DevSecOps pipeline.]
[Summarize the external tools and where and how they are used in the context
of the diagram.]
RISKS AND BENEFITS
[Describe the problems, the solutions, and the risks or benefits involved if you act
now or wait. Where is the strategy lacking? What are the risks of using this strategy?
Which steps should be taken?]
RECOMMENDATIONS
[Identify gaps in the security policy.]
CONCLUSIONS
[Identify standards that should be adopted to prevent future problems.]
REFERENCES
[Provide APA-style references with links to resources, articles, and videos that
you used in your presentation.]
CS 405 Project Two Script Template
Complete this template by replacing the bracketed text with the relevant information.
Slide Number | Narrative
1 | [Insert text.]
2 | [Insert text.]
3 | [Insert text.]
4 | [Insert text.]
5 | [Insert text.]
6 | [Insert text.]
7 | [Insert text.]
8 | [Insert text.]
9 | [Insert text.]
10 | [Insert text.]
11 | [Insert text.]
12 | [Insert text.]
13 | [Insert text.]
14 | [Insert text.]